gambali_iobitdel.exe

The file gambali_iobitdel.exe (product Gambali.exe, publisher Gambali OEM Software) has been flagged as a potentially unwanted program (PUP) by 2 of the 68 anti-malware scanners it was submitted to.
Publisher:
Gambali OEM Software

Product:
Gambali.exe

Version:
2.3.3.10

MD5:
ffb4a20379a29dd29112e31f86eedcac

SHA-1:
8bb32abf9a5d2289209a67d14476ac8d29c99354

SHA-256:
dfc9da209851eb880f36f4091770e9843fe656067d0d8e59fd8aa1361af33320

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 4:15:48 AM UTC

Scan engine          Detection                   Engine version
Qihoo 360 Security   HEUR/QVM10.1.Malware.Gen    1.0.0.1015
Reason Heuristics    PUP.AlimenMain              16.10.27.1

Both hits come from heuristic engines (Qihoo's generic HEUR/QVM classifier and the Reason Heuristics engine) rather than from a signature for a named malware family, so the metadata and observed network behaviour below should be used to corroborate the verdict.

File size:
1.8 MB (1,916,456 bytes)

Product version:
2.3.3.10

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\application data\flashbeat\gambali_iobitdel.exe

File PE Metadata
Compilation timestamp:
3/31/2015 1:21:14 PM

OS version:
5.0 (minimum operating system declared in the PE header, i.e. Windows 2000 or later)

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0 (Visual Studio 2008 toolset)

CTPH (ssdeep):
49152:QSrYdEh5FH+YDAM2m85iXSQyQMd9mkZ4B9xtQBq:Q1Eh51+DDmWiidNH5Z4r8q

Entry address:
0x4D0F

Entry point:
E8, 8D, 6D, 00, 00, E9, A4, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, 44, 21, 43, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, 57, 6E, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 2A, F3, A5, FF, 24, 95, 94, 4E, 40, 00, 90, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72...

The stub opens with a call rel32 (E8 8D 6D 00 00) followed by a jmp rel32 (E9 A4 FE FF FF) and int3 (CC) padding, the sequence MSVC emits at the entry point (security-cookie initialisation, then a jump into the CRT startup routine), which is consistent with the linker version 9.0 recorded above. The entry point itself is therefore compiler boilerplate, not the program's own logic.

Code size:
164 KB (167,936 bytes)
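The hash and PE-metadata fields above are all derived from the file bytes alone, so they can be reproduced and cross-checked against the report without running the sample. The script below is an added example written for this page, not code from the report's vendor: it computes MD5/SHA-1/SHA-256, walks DOS header, PE signature, COFF header, optional header and section table using the PE32 offsets from the PE/COFF specification, and maps the entry RVA to a file offset to read the entry bytes. It also decodes the call/jmp stub discussed above into the two target RVAs. Because no real sample ships with the page, build_sample_pe() constructs a tiny synthetic console image whose header values mirror the report's fields (timestamp, linker 9.0, OS 5.0, console subsystem, the same first entry bytes); its contents and hashes are not those of gambali_iobitdel.exe.

```python
"""Reproduce a scan report's hash and PE header fields from raw bytes.

Added example, stdlib only (no pefile). build_sample_pe() is a constructed
synthetic image for the demo, NOT the bytes of gambali_iobitdel.exe.
"""
import hashlib
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows Console"}


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 over the whole file, as a report lists them."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def rva_to_offset(rva: int, sections: list) -> int:
    """Map an RVA to a file offset through the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return raw_ptr + (rva - va)
    raise ValueError("RVA %#x is not backed by any section" % rva)


def pe_metadata(data: bytes, entry_bytes: int = 16) -> dict:
    """Parse DOS -> PE signature -> COFF -> PE32 optional header -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                                   # optional header start
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    maj_link, min_link = struct.unpack_from("<BB", data, opt + 2)
    code_size, = struct.unpack_from("<I", data, opt + 4)
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem, = struct.unpack_from("<H", data, opt + 68)
    sections = []
    for i in range(nsections):                        # 40-byte section headers
        vsize, va, raw_size, raw_ptr = struct.unpack_from(
            "<IIII", data, opt + opt_size + i * 40 + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    entry_off = rva_to_offset(entry_rva, sections)
    return {
        "compiled": datetime.fromtimestamp(timestamp, timezone.utc),
        "linker": "%d.%d" % (maj_link, min_link),
        "os_version": "%d.%d" % (os_major, os_minor),
        "subsystem": SUBSYSTEMS.get(subsystem, "unknown (%d)" % subsystem),
        "code_size": code_size,
        "entry_rva": entry_rva,
        "entry_bytes": data[entry_off:entry_off + entry_bytes],
    }


def decode_entry_stub(entry_rva: int, code: bytes):
    """Recognise the 'call rel32; jmp rel32' prologue at a PE entry point and
    resolve both relative targets to RVAs. Returns None if the pattern is absent."""
    if len(code) < 10 or code[0] != 0xE8 or code[5] != 0xE9:
        return None
    call_rel, = struct.unpack_from("<i", code, 1)
    jmp_rel, = struct.unpack_from("<i", code, 6)
    return {"call_target": entry_rva + 5 + call_rel, "jmp_target": entry_rva + 10 + jmp_rel}


def build_sample_pe() -> bytes:
    """Constructed one-section PE32 console image (demo data, not a real file)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1427808074, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<HBB", opt, 0, 0x10B, 9, 0)                # PE32, linker 9.0
    struct.pack_into("<I", opt, 4, 0x200)                        # SizeOfCode
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)   # base, alignments
    struct.pack_into("<HH", opt, 40, 5, 0)                       # OS version 5.0
    struct.pack_into("<H", opt, 68, 3)                           # Windows Console
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    code = bytes.fromhex("E88D6D0000E9A4FEFFFF") + b"\xCC" * 6   # call; jmp; int3 pad
    return bytes(headers + code.ljust(0x200, b"\0"))


if __name__ == "__main__":
    sample = build_sample_pe()
    print(file_hashes(sample))
    meta = pe_metadata(sample)
    print({k: (v.hex(" ") if isinstance(v, bytes) else v) for k, v in meta.items()})
    # Applied to the report's own entry address and first ten entry bytes.
    print(decode_entry_stub(0x4D0F, bytes.fromhex("E88D6D0000E9A4FEFFFF")))
```

Run against a real PE32 file by replacing build_sample_pe() with the file's bytes; a mismatch between the computed hashes and the report's MD5/SHA-1/SHA-256 means you are holding a different build, in which case none of the other fields should be expected to agree either. Applied to the report's entry address 0x4D0F, the stub decoder resolves the call to RVA 0xBAA1 and the jump to RVA 0x4BBD.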

The executing file has been observed making the following network connections in live environments.

Protocol        Destination host                                           Address
TCP (HTTP)      ec2-54-225-208-27.compute-1.amazonaws.com                  54.225.208.27:80
TCP (HTTP SSL)  177.43.170.118.static.host.gvt.net.br                      177.43.170.118:443
TCP (HTTP SSL)  rtr3.l7.search.vip.ir2.yahoo.com                           217.12.15.96:443
TCP (HTTP SSL)  ec2-52-89-80-240.us-west-2.compute.amazonaws.com           52.89.80.240:443
TCP (HTTP SSL)  algartelecom-fac001.cache.google.com                       189.112.10.30:443
TCP (HTTP)      nl.redir.opera.com                                         82.145.215.91:80
TCP (HTTP)      ec2-50-17-181-149.compute-1.amazonaws.com                  50.17.181.149:80
TCP (HTTP SSL)  ec2-52-43-240-174.us-west-2.compute.amazonaws.com          52.43.240.174:443
TCP (HTTP SSL)  e2.ycpi.vip.deb.yahoo.com                                  87.248.118.23:443
TCP (HTTP SSL)  msnbot-207-46-194-29.search.msn.com                        207.46.194.29:443
TCP (HTTP SSL)  googlecom246.static.host.gvt.net.br                        187.115.167.246:443
TCP (HTTP SSL)  edge-star-mini-shv-01-gru2.facebook.com                    31.13.85.36:443
TCP (HTTP)      ec2-54-243-186-204.compute-1.amazonaws.com                 54.243.186.204:80
TCP (HTTP)      ec2-54-235-95-208.compute-1.amazonaws.com                  54.235.95.208:80
TCP (HTTP SSL)  ec2-52-59-202-253.eu-central-1.compute.amazonaws.com       52.59.202.253:443
TCP (HTTP SSL)  ec2-52-29-221-94.eu-central-1.compute.amazonaws.com        52.29.221.94:443
TCP (HTTP SSL)  ec2-34-194-0-57.compute-1.amazonaws.com                    34.194.0.57:443
TCP (HTTP SSL)  ec2-204-236-229-1.compute-1.amazonaws.com                  204.236.229.1:443
TCP (HTTP SSL)  cluster.suamusica.com.br                                   72.29.88.114:443
TCP (HTTP SSL)  a23-67-133-73.deploy.static.akamaitechnologies.com         23.67.133.73:443

The hostnames are reverse-DNS lookups of the observed addresses, not names the sample necessarily resolved. Many of them belong to shared platforms (Yahoo, Google cache, Facebook, MSN search, Akamai, the Opera redirector), whose addresses also appear in ordinary browsing traffic and therefore carry little weight as indicators on their own; the Amazon EC2 instances with no recognisable service name are the more useful addresses to pivot on in egress logs. Entries marked HTTP SSL are TLS sessions on port 443, so in network telemetry only the destination address (and at best the SNI) is visible, not the request URL.
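The connection list above is most useful when turned into indicators and matched against egress logs with the caveat just stated about shared platforms kept in mind. The script below is an added example, not part of the report: it parses the report's own "Connects to host (ip:port)" lines (a representative subset is embedded as INDICATORS), tags indicators whose reverse-DNS name falls under a shared CDN/search/social zone as low fidelity, and then matches constructed connection records on destination address and port. The key=value log format and the LOG_LINES themselves are constructed for the demo and are not any vendor's schema or real telemetry.

```python
"""Turn a scan report's connection list into indicators and hunt for them.

Added example; INDICATORS copies a subset of the report's 'Connects to'
lines, LOG_LINES and the key=value log format are constructed for the demo.
"""
import ipaddress
import re

INDICATORS = """
TCP (HTTP): Connects to ec2-54-225-208-27.compute-1.amazonaws.com (54.225.208.27:80)
TCP (HTTP SSL): Connects to rtr3.l7.search.vip.ir2.yahoo.com (217.12.15.96:443)
TCP (HTTP SSL): Connects to algartelecom-fac001.cache.google.com (189.112.10.30:443)
TCP (HTTP): Connects to nl.redir.opera.com (82.145.215.91:80)
TCP (HTTP SSL): Connects to edge-star-mini-shv-01-gru2.facebook.com (31.13.85.36:443)
TCP (HTTP SSL): Connects to cluster.suamusica.com.br (72.29.88.114:443)
TCP (HTTP SSL): Connects to a23-67-133-73.deploy.static.akamaitechnologies.com (23.67.133.73:443)
"""

LINE_RE = re.compile(
    r"^TCP \((?P<proto>[^)]+)\):\s*Connects to\s+(?P<host>\S+)\s+"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\)$")

# Reverse-DNS names under these zones are shared CDN/search/social platforms;
# a hit on their addresses is weak evidence on its own.
SHARED_ZONES = ("yahoo.com", "google.com", "facebook.com", "msn.com",
                "akamaitechnologies.com", "opera.com")


def parse_indicators(text: str) -> list:
    """Parse report lines into {host, ip, port, tls, fidelity} indicators."""
    iocs = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            raise ValueError("unparsed indicator line: %r" % raw)
        host = m["host"]
        iocs.append({
            "host": host,
            "ip": ipaddress.ip_address(m["ip"]),
            "port": int(m["port"]),
            "tls": "SSL" in m["proto"],
            "fidelity": "low" if host.endswith(SHARED_ZONES) else "medium",
        })
    return iocs


def hunt(iocs: list, log_lines: list) -> list:
    """Match egress records on destination IP AND port; carry the indicator's
    fidelity so triage can deprioritise shared-platform matches."""
    by_dst = {(i["ip"], i["port"]): i for i in iocs}
    hits = []
    for line in log_lines:
        ts, *kvs = line.split()
        fields = dict(kv.split("=", 1) for kv in kvs)
        ioc = by_dst.get((ipaddress.ip_address(fields["dst"]), int(fields["dport"])))
        if ioc is not None:
            hits.append({"ts": ts, "src": fields["src"], "host": ioc["host"],
                         "port": ioc["port"], "fidelity": ioc["fidelity"]})
    return hits


# Constructed egress records (hypothetical key=value format), not real telemetry.
LOG_LINES = [
    "2024-11-23T04:16:01Z src=10.0.0.12 dst=54.225.208.27 dport=80 proto=tcp",
    "2024-11-23T04:16:03Z src=10.0.0.12 dst=217.12.15.96 dport=443 proto=tcp",
    "2024-11-23T04:16:05Z src=10.0.0.12 dst=72.29.88.114 dport=22 proto=tcp",
    "2024-11-23T04:16:09Z src=10.0.0.44 dst=8.8.8.8 dport=53 proto=udp",
]

if __name__ == "__main__":
    for hit in hunt(parse_indicators(INDICATORS), LOG_LINES):
        print(hit)
```

Matching on port as well as address is deliberate: the third constructed record reaches a listed address on a different port and is not reported, which keeps unrelated traffic to a shared host from inflating the result. The one medium-fidelity hit (the EC2 instance) is the record worth following up first; the low-fidelity Yahoo hit needs corroborating evidence such as the same source host also reaching the EC2 addresses.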

Remove gambali_iobitdel.exe - Powered by Reason Core Security