» LeapFTP.exe
Overview
Analysis
File Details
Behaviors (1)

LeapFTP.exe

LeapFTP

LeapWare

The executable LeapFTP.exe, “Secure File Transfer Client” has been detected as malware by 11 anti-virus scanners.

File name:

LeapFTP.exe

Publisher:

LeapWare (signed and verified)

Product:

LeapFTP

Description:

Secure File Transfer Client

Version:

3.1.0.50

MD5:

7087945559e4fc71643967df1e4f78d1

SHA-1:

21ea4f2488114fb80c94b16a572e67dd1877f879

SHA-256:

82b055848cc0016bbca540ba65229ef289541960c8dc13a0939fb79d723e1244

Scanner detections:

11 / 68

Status:

Malware

Analysis date:

11/15/2024 9:53:59 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Mabezat [Wrm]

160327-1

AVG

Win32/Mabezat

2015.0.4355

Dr.Web

Win32.HLLW.Tazebama

9.0.1.05190

Emsisoft Anti-Malware

Win32.Worm.Mabezat.Gen

11.5.0.6191

ESET NOD32

Win32/Mabezat.A virus

8.0.319.0

F-Prot

W32/Mabezat.A-1

4.6.5.141

F-Secure

Win32.Worm.Mabezat.Gen

5.15.96

Kaspersky

Worm.Win32.Mabezat

15.0.0.562

McAfee

Virus.W32/Mabezat.c

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.219.58.0

Norman

Win32.Worm.Mabezat.Gen

02.04.2016 17:35:19

File size:

2.1 MB (2,170,559 bytes)

Product version:

3.1

Original file name:

LeapFTP.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\leapftp 3.0\leapftp.exe

Digital Signature

Signed by:

LeapWare

Authority:

VeriSign, Inc.

Valid from:

9/28/2010 2:00:00 PM

Valid to:

9/29/2011 1:59:59 PM

Subject:

CN=LeapWare, OU=Application Security, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=LeapWare, L=Fort Worth, S=Texas, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

7A8AE6A6E5FD53D9195B8B38590E5F41

File PE Metadata

Compilation timestamp:

6/19/1992 12:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:GYjbRqW5XPyjB5dLgV3DzgI4kCYaTfEKyWH+t:GUkW5XPyjBHgZx4LYWyWH+t

Entry address:

0x193A34

Entry point:

BB, 2C, 33, 59, 00, FF, E3, 00, 32, 59, 00, E8, 14, 37, E7, FF, A1, C0, 15, 5A, 00, 8B, 00, E8, 3C, 71, EE, FF, A1, C0, 15, 5A, 00, 8B, 00, 33, D2, E8, 16, 6D, EE, FF, 8B, 0D, B4, 17, 5A, 00, A1, C0, 15, 5A, 00, 8B, 00, 8B, 15, 60, CC, 55, 00, E8, 2E, 71, EE, FF, 6A, FF, 6A, FF, E8, 15, 3B, E7, FF, 50, E8, 2F, 3D, E7, FF, A1, C0, 15, 5A, 00, 8B, 00, E8, 93, 71, EE, FF, E8, D2, 10, E7, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.7166

Code size:

1.6 MB (1,649,664 bytes)

Windows Firewall Allowed Program

Name:

C:\Program Files\LeapFTP 3.0\LeapFTP.exe

Remove LeapFTP.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.