ipsec lab 2.exe

Asper

New IT Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application ipsec lab 2.exe by New IT Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from files-download-103.com.
Publisher:
C Vital  (signed by New IT Limited)

Product:
Asper

Description:
LeaveLoadLoud

Version:
4, 10, 29, 0

MD5:
4b3741df8f74e51655cd55ece1f3cb91

SHA-1:
d8433fd1271995af3c2d19587a52ef30b3180ccb

SHA-256:
110b004d158db5f33f9fb753e8967f55c15b9de5efb7cf0acfa61b153fc80309

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/23/2024 3:15:14 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.New IT Limited (M)
16.8.6.22

File size:
123.8 KB (126,720 bytes)

Product version:
4, 10, 29, 0

Copyright:
Conical (c)

Trademarks:
TM2-15

Original file name:
lltmoping.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ipsec lab 2.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/3/2015 3:00:00 AM

Valid to:
2/4/2016 2:59:59 AM

Subject:
CN=New IT Limited, O=New IT Limited, STREET="48 Themistolkli Dervis Street, Centennial Building", STREET="3rd Floor, office 303", L=Nicosia, S=Nicosia, PostalCode=1066, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0E65FF1CA366ECF94666819342163027

File PE Metadata
Compilation timestamp:
3/19/2015 5:32:45 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:WeSsBR1aUeveIMwQaCkqXkbsJPJcwA5F+hOsIqtbri4YxS:WQ3aUqhiksJPJvA5F+hOsIqtzYk

Entry address:
0x5C22

Entry point:
E8, 24, 26, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 48, E6, 40, 00, E8, 9C, 0F, 00, 00, 6A, 0E, E8, 9E, 04, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, B8, 51, 9D, 01, BA, B4, 51, 9D, 01, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, EF, FC, FF, FF, 59, FF, 76, 04, E8, E6, FC, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 8B, 0F, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, 69, 03, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 5D...
 
[+]

Entropy:
5.2380

Code size:
42 KB (43,008 bytes)

The file ipsec lab 2.exe has been seen being distributed by the following URL.

Remove ipsec lab 2.exe - Powered by Reason Core Security