home

ez-plus_wind1_s.exe

Nbiz Solution

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
Nbiz Solution  (signed and verified)

MD5:
f93e9528e78dead7cb12c155f17c29f0

SHA-1:
e930a5a9078b5fc4d90d085a16703a0b9abc3e2c

SHA-256:
cdd231c283f1d779b2ed7f57329eba1179e5fcff44712b415d7f46519781dffc

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 1:40:56 PM UTC  (today)

File size:
1.1 MB (1,169,288 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\templates\ez-plus_wind1_s.exe

Digital Signature
Signed by:
Nbiz Solution

Authority:
eBiz Networks Ltd

Valid from:
2/18/2011 9:00:00 AM

Valid to:
2/18/2013 8:59:59 AM

Subject:
CN=Nbiz Solution, OU=web team, O=Nbiz Solution, STREET="Sangdo-dong, Dongjak-gu, Seoul, Korea", STREET=527, L=Seoul, S=Dongjak-gu, PostalCode=156-030, C=KR

Issuer:
CN=eBiz Networks Certificate Services, O=eBiz Networks Ltd, C=KR

Serial number:
00C8ED8652685B5CCF51C3A894A6D4DE53

File PE Metadata
Compilation timestamp:
12/6/2009 7:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:CbB/VdeWr3AP1LL6RXnFCB9J5JqqAi3KDRDXqR/tlxaItF2r:QB/Vde9P1LL6ZFKbLAoIi/tl9tF2r

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9873

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Scan ez-plus_wind1_s.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.