home

berrysrv.exe

NetBerry

Sergey Sushko

It runs as a separate (within the context of its own process) windows Service named “NetBerry Server”.
Publisher:
Alchemy Lab  (signed by Sergey Sushko)

Product:
NetBerry

Version:
1, 2, 16,0, 0

MD5:
70f7fe9a7467ceeda292596996ba73b9

SHA-1:
326201255e206c57c41992d5e7040b5707472f63

SHA-256:
79c075f1bd121848895f3265516ec13ee70bd3d6a93372333617d461f7c032e9

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/18/2024 12:14:25 PM UTC  (today)

Scan engine
Detection
Engine version

Clam AntiVirus
PUA.Packed.ASPack
0.98/17211

Quick Heal
(Suspicious) - DNAScan
5.15.11.00

File size:
309.6 KB (317,072 bytes)

Product version:
1, 2, 16, 0

Copyright:
Copyright (C) 2009 Alchemy Lab

Original file name:
NMC.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
Sergey Sushko

Authority:
The USERTRUST Network

Valid from:
8/27/2009 3:00:00 AM

Valid to:
8/28/2010 2:59:59 AM

Subject:
CN=Sergey Sushko, O=Sergey Sushko, STREET=Vernadskogo 93-1-85, L=Moscow, S=MO, PostalCode=119526, C=RU

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
17AC2748B458B5782943ED1A32C313E2

File PE Metadata
Compilation timestamp:
1/11/2010 8:32:04 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:q1zizLtDvBGRCiNVhOYP2cIT04UvHCiw5KKIpJd:ezetDZzkdIhUPVAK9bd

Entry address:
0x1000

Entry point:
68, 01, C0, 51, 00, E8, 01, 00, 00, 00, C3, C3, 81, 38, 49, C1, 38, 0C, 52, 2C, 8B, 65, B6, 0B, 2B, 05, B2, A1, 77, 47, A4, BD, B0, 69, 2B, 2D, 02, BC, E4, 67, 1A, 6D, 45, 46, D9, 6D, F2, C0, DD, A5, AC, 95, 2D, 41, 43, 60, 6F, 48, F0, 8A, 5B, D0, CD, 3B, 53, 6D, 2E, 74, B6, 99, 81, 6F, 4B, DD, 99, DD, 8E, B2, DD, E0, 59, 69, 05, 99, DE, F1, BD, 97, 37, 97, 1E, 5B, 79, 57, 97, 7B, C1, E7, 1E, DE, 36, C7, 6C, B5, 9A, CF, 39, E7, CF, 39, CF, 71, 92, 8F, 04, 76, AE, 5F, C3, B9, D3, F1, EE, 65, BF, 86, E6, 71...
 
[+]

Entropy:
7.9141

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
908 KB (929,792 bytes)

Service
Display name:
NetBerry Server

Service name:
berrysrv

Type:
Win32OwnProcess


Scan berrysrv.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.