» glarab_http_proxy-1.6.0.10628.exe
Overview
Analysis
File Details
Downloads (1)

glarab_http_proxy-1.6.0.10628.exe

GLArab.com HTTP Proxy 1.6.0.10628

GLArab.com

The executable glarab_http_proxy-1.6.0.10628.exe, “GLArab.com HTTP Proxy installer application” has been detected as malware by 10 anti-virus scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.glarab.com.

File name:

Publisher:

GLArab.com

Product:

GLArab.com HTTP Proxy 1.6.0.10628

Description:

GLArab.com HTTP Proxy installer application

Version:

1.6.0.10628

MD5:

065bb501b2e8797f66b3df0a1016c4d7

SHA-1:

6736a7a68059279d9911bc41341b05f965da1f41

SHA-256:

717df4aac6da11fcc6351359773f57294d859142d2efc7e71ede855aa3bb1d95

Scanner detections:

10 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

11/24/2024 12:44:24 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:SaliCode

160216-0

AVG

Win32/Sality

2015.0.4530

Dr.Web

Win32.Sector.30

9.0.1.05190

ESET NOD32

Win32/Sality.NBA virus

8.0.319.0

F-Prot

W32/Sality.gen2

4.6.5.141

F-Secure

Win32.Sality.3

5.15.21

Kaspersky

Virus.Win32.Sality

15.0.0.562

McAfee

Virus.W32/Sality.gen.z

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.213.7480.0

Norman

Win32.Sality.3

29.02.2016 03:11:57

File size:

982 KB (1,005,592 bytes)

Product version:

1.6.0.10628

GLArab.com

Trademarks:

'GLArab.com HTTP Proxy' is a trademark of GLArab.com

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Scriptable Install System

Language:

English (United States)

Common path:

C:\users\{user}\downloads\glarab_http_proxy-1.6.0.10628.exe

File PE Metadata

Compilation timestamp:

12/6/2009 12:50:41 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:huYzfeQMstd0QxOVCUAyJtYP31a3WNWADESt9sPxwh:cYzfWstMVnAyDYPla3NSESqwh

Entry address:

0x30CB

Entry point:

F3, 8D, 35, 94, 82, B8, 1F, 1C, 71, 89, EF, 80, DD, DE, C6, C1, 80, 0F, AF, EB, 87, CA, 3D, DA, 27, 00, 00, 70, 03, 0F, B7, C9, 88, DC, BD, CD, 56, F9, FF, 4A, 04, A1, F3, 03, DD, 0F, B6, D6, 81, C3, 8C, 21, 07, 00, 84, D2, 1C, 73, 89, D2, 8D, 2D, 13, 63, C4, FF, 30, FA, 20, C3, E8, 78, 00, 00, 00, BB, 41, B2, A9, AD, FF, C1, 05, 7F, 0D, ED, 9B, 81, ED, FB, D6, 4F, 74, 85, F8, 68, B0, 1E, 00, 00, 8A, FB, 3C, A8, 5A, C6, C3, 0D, 81, E1, D0, FA, B1, 1A, 81, EA, 2C, 0E, 00, 00, 0F, AF, EB, 41, 0F, BF, FD, 85... 
[+]

Entropy:

7.9220 (probably packed)

Code size:

22.5 KB (23,040 bytes)

The file glarab_http_proxy-1.6.0.10628.exe has been seen being distributed by the following URL.

https://www.glarab.com:447/zixi/download/.../glarab_http_proxy-1.6.0.10628.exe

Remove glarab_http_proxy-1.6.0.10628.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.