» shaherezada.exe
Overview
Analysis
File Details
Downloads (1)

shaherezada.exe

LLC ITC

The application shaherezada.exe by LLC ITC has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from forces.club-4file.ru.

File name:

shaherezada.exe

Publisher:

LLC ITC (signed and verified)

MD5:

96b471f1d047eb8ee9c15068455d6ba3

SHA-1:

71930d28fccf2f7a3a215e88dbb8c80a6415e6cb

SHA-256:

153a5058e96edb093a0b59f8aa5f5f982a2edb8a3bb33f5a1cc68ef6b2e24d93

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

5/19/2024 8:14:49 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

16.12.31.1

File size:

418.9 KB (428,904 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\shaherezada.exe

Digital Signature

Signed by:

LLC ITC

Authority:

COMODO CA Limited

Valid from:

6/26/2014 3:00:00 AM

Valid to:

6/27/2015 2:59:59 AM

Subject:

CN=LLC ITC, O=LLC ITC, STREET=Vvedenskogo 11/3, L=Moscow, S=Moscow oblast, PostalCode=117342, C=RU

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00F4DBD55156EE0DAFED4BAB130328504E

File PE Metadata

Compilation timestamp:

7/15/2014 9:53:07 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.12

Entry address:

0x704C

Entry point:

13, 44, 24, F8, 33, 2D, BC, 79, 42, 00, 29, DB, FD, 81, C2, 05, 20, 09, C5, 89, C1, 8B, 44, 24, F4, 11, CB, C1, C6, 02, C1, FB, 06, 2B, 5C, 24, FC, C1, EF, 04, 40, 0B, 6C, 24, F8, FD, C1, E6, 16, C1, FA, 0C, 19, CF, C1, C2, 06, C1, D6, 12, 4B, 8B, 44, 24, FC, 89, F1, F5, 90, F7, D3, C1, EB, 15, 87, FB, 03, 44, 24, EC, FD, 13, 5C, 24, F0, 33, 05, C3, 1D, 45, 00, 81, D5, 1D, 66, D3, 7B, 13, 54, 24, FC, 41, C1, E2, 09, C1, FF, 07, 1B, 74, 24, 14, F7, D7, C1, FF, 16, 8B, 6C, 24, F4, 31, D7, 4A, C1, C6, 1D, C1... 
[+]

Code size:

372 KB (380,928 bytes)

The file shaherezada.exe has been seen being distributed by the following URL.

http://forces.club-4file.ru/NTM2NTtodHRwJTNBJTJGJTJGenZ1a29mZi5ydSUyRmRvd25sb2FkJTJGMjc0MzQwMztuYW1lPSVEMCVBOCVEMCVCMCVEMSU4NSVEMCVCNSVEMSU4MCVEMCVCNSVEMCVCNyVEMCVCMCVEMCVCNCVEMCVCMDtzaXplPTgwMTk4Mjg7dHlwZT1hdWRpbw==

Remove shaherezada.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.