» glarab_http_proxy-1.6.0.10628.exe
Overview
Analysis
File Details

glarab_http_proxy-1.6.0.10628.exe

GLArab.com HTTP Proxy 1.6.0.10628

Ava Telecom Ltd.

The executable glarab_http_proxy-1.6.0.10628.exe, “GLArab.com HTTP Proxy installer application” has been detected as malware by 10 anti-virus scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.

File name:

Publisher:

GLArab.com (signed by Ava Telecom Ltd.)

Product:

GLArab.com HTTP Proxy 1.6.0.10628

Description:

GLArab.com HTTP Proxy installer application

Version:

1.6.0.10628

MD5:

26b235fe9a149cf0798213e7c80b7bd8

SHA-1:

d3f37eda7e4a3b5d16f05043219a547daa5c7b36

SHA-256:

e0c77c08e2a295b403dc6083ee4e51c7ca6f488bebf453c212f9fa846dabd6aa

Scanner detections:

10 / 68

Status:

Malware

Analysis date:

11/24/2024 12:43:28 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Parite

160518-2

AVG

Win32/Parite

2015.0.4568

Dr.Web

Win32.Parite.2

9.0.1.05190

Emsisoft Anti-Malware

Win32.Parite

11.5.0.6191

ESET NOD32

Win32/Parite.B virus

8.0.319.0

F-Prot

W32/Parite.B

4.6.5.141

F-Secure

Win32.Parite.B

5.15.96

McAfee

Virus.W32/Pate.b

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.221.714.0

Norman

Win32.Parite.B

19.05.2016 05:17:13

File size:

1.1 MB (1,105,880 bytes)

Product version:

1.6.0.10628

GLArab.com

Trademarks:

'GLArab.com HTTP Proxy' is a trademark of GLArab.com

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\glarab_http_proxy-1.6.0.10628.exe

Digital Signature

Signed by:

Ava Telecom Ltd.

Authority:

GoDaddy.com, Inc.

Valid from:

5/5/2011 8:54:23 PM

Valid to:

5/5/2014 8:54:23 PM

Subject:

CN=Ava Telecom Ltd., O=Ava Telecom Ltd., L=Hamilton, S=Hamilton, C=BM

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

2B20137DFF09D1

File PE Metadata

Compilation timestamp:

12/5/2009 10:50:41 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:BzfeQMstd0QxOVCUAyJtYP31a3WNWADESt9sPxwDe5R57qFw0P:VfWstMVnAyDYPla3NSESqwsR1qv

Entry address:

0x43000

Entry point:

B9, C8, 4F, 27, 00, 68, 1E, 30, 44, 00, 5F, BE, 98, 05, 00, 00, FF, 34, 3E, 31, 0C, 24, 8F, 04, 3E, 83, EE, 04, 90, 75, F1, 90, 90, 90, 20, 32, 26, 00, C8, 4F, 27, 00, C8, 4F, 67, 00, 03, 7F, 27, 00, D0, 67, 29, 00, 10, 60, 29, 00, C8, FF, 25, 00, C9, 4F, 27, 00, A8, 3F, 67, 00, 4C, 37, 67, 00, 5E, 37, 67, 00, 70, 2D, 27, 00, 4A, 37, 27, 00, 5C, 37, 27, 00, A8, 11, 27, 00, 4A, 37, 27, 00, 5C, 37, 27, 00, C8, 4F, 27, 00, C8, 4F, 27, 00, C8, 4F, 27, 00, C8, 4F, 27, 00, 1C, 3F, 67, 00, C8, 4F, 27, 00, C8, 4F... 
[+]

Code size:

22.5 KB (23,040 bytes)

Remove glarab_http_proxy-1.6.0.10628.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.