» bnd_testsinstcr_178_201522_1123.exe
Overview
Analysis
File Details

bnd_testsinstcr_178_201522_1123.exe

Navigation

Navigation network co.,limited

The application bnd_testsinstcr_178_201522_1123.exe by Navigation network co.,limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.

File name:

Publisher:

Navigation Co., Ltd. (signed by Navigation network co.,limited)

Product:

Navigation

Version:

2.0.0.1288

MD5:

a44b450e710f32220c69dff5fe659469

SHA-1:

eedfebc2a01851ed89e447bdea1e587283e6decc

SHA-256:

32b5ebde5f78856dc850caaa46910eb96cc962ef4390bc4d70e6a3b20d6f476d

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

5/8/2024 1:59:02 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Navigationnetworkcolimited (M)

16.1.28.7

File size:

485.4 KB (497,016 bytes)

Product version:

2.0.0.1288

Original file name:

Navigation.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\079d9047_stp\bnd_testsinstcr_178_201522_1123.exe

Digital Signature

Signed by:

Navigation network co.,limited

Authority:

VeriSign, Inc.

Valid from:

2/18/2014 9:00:00 PM

Valid to:

2/19/2016 9:59:59 PM

Subject:

CN="Navigation network co.,limited", OU=Software Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Navigation network co.,limited", L=Hongkong, S=Hongkong, C=HK

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

2617E71F3DD61639E291AD2D048E1D8A

File PE Metadata

Compilation timestamp:

12/22/2014 7:08:03 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:1+5bImNdcoTb/eW5O0P25fAO+KvNuMdqdGiX5W+dGLhIMO:1UbImNdcoP/20PcIO+OXsGqZG1Ij

Entry address:

0x1D984

Entry point:

E8, 82, BC, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 3C, 83, 7D, 08, 00, 75, 13, E8, 4B, 2B, 00, 00, 6A, 16, 5E, 89, 30, E8, 82, 71, 00, 00, 8B, C6, EB, 25, 83, 7D, 10, 00, 74, E7, 39, 45, 0C, 73, 09, E8, 2D, 2B, 00, 00, 6A, 22, EB, E0, 50, FF, 75, 10, FF, 75, 08, E8, 9E, ED, FF, FF, 83, C4, 0C, 33, C0, 5E, 5D, C3, 55, 8B, EC, 83, 3D, 7C, 74, 44, 00, 00, 75, 75, 8B, 55, 08, 85, D2, 75, 17, E8, FD, 2A, 00, 00, C7, 00, 16, 00, 00, 00, E8, 33, 71, 00, 00, B8, FF, FF, FF, 7F, 5D, C3... 
[+]

Code size:

215 KB (220,160 bytes)

Remove bnd_testsinstcr_178_201522_1123.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.