home

e55e.tmp.exe

NoAD Application Platform

MirageWorks Inc.

Publisher:
NoAD Inc.  (signed by MirageWorks Inc.)

Product:
NoAD Application Platform

Description:
Live Updater

Version:
1, 6, 0, 41405

MD5:
dbfda9b6a5bad8a9dce3aba4caebc882

SHA-1:
75fd962669d1d186096e26768a88b0fb8eb13582

SHA-256:
37ae40123df2e296fdf91e03b4a6a861dc514d10072ee05c4dcfa5e154e206c5

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/24/2024 9:51:20 PM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
AdWare.W32.Agent.lpCH
2.1.4+

File size:
2.7 MB (2,808,408 bytes)

Product version:
1, 6, 0, 41405

Copyright:
Copyright (c) 2007-2008 NoAD Inc., All rights reserved.

Original file name:
napup.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\temp\e55e.tmp.exe

Digital Signature
Signed by:
MirageWorks Inc.

Authority:
Thawte, Inc.

Valid from:
11/1/2012 9:00:00 AM

Valid to:
12/2/2013 8:59:59 AM

Subject:
CN=MirageWorks Inc., OU=marketing, O=MirageWorks Inc., L=Mapo-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3FE925A29662196AA6E34B9DA5B8BABC

File PE Metadata
Compilation timestamp:
3/20/2013 10:58:10 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:kVum4g1pM3Grv0GZCapIpwhpfP7LNtgfF7YJSPkvIZxx:kOmpnv0+GF7Y0

Entry address:
0x15CD64

Entry point:
48, 83, EC, 28, E8, 93, 6A, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, CC, CC, 48, 8B, C4, 48, 89, 58, 08, 48, 89, 68, 10, 48, 89, 70, 18, 57, 48, 83, EC, 50, 48, 83, 60, C8, 00, 48, 8B, DA, 33, D2, 49, 8B, F0, 48, 8B, E9, 44, 8D, 42, 28, 48, 8D, 48, D0, 49, 8B, F9, E8, A4, 14, 00, 00, 48, 85, DB, 75, 15, E8, FE, 20, 00, 00, C7, 00, 16, 00, 00, 00, E8, 43, 7A, 00, 00, 83, C8, FF, EB, 2C, 48, 83, 64, 24, 30, 00, 48, 83, 64, 24, 20, 00, 48, 8D, 4C, 24, 20, 4C, 8B, CF, 4C, 8B, C6, 48, 8B, D3, C7, 44, 24, 28...
 
[+]

Entropy:
6.0429

Code size:
1.5 MB (1,589,248 bytes)

Scan e55e.tmp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.