img002.exe

The program is a setup application that uses the Nullsoft Scriptable Install System installer.

MD5:
5402bf24ae076240f02396e0597c71a9

SHA-1:
d66f325183a1a42378da5191ce87a1ef28e4514c

SHA-256:
db66d800e978128e3273c5c875f967690f6600bbec7a8b37f26b37de989792f5

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/21/2025 12:33:16 PM UTC

Scan engine:
Clam AntiVirus

Detection:
Win.Trojan.Virtob-1633

Engine version:
0.98/23172

File size:
3.3 MB (3,494,571 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\users\{user}\appdata\roaming\nscpucnminer\img002.exe

File PE Metadata
Compilation timestamp:
12/6/2009 6:51:50 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x30DE


Entropy:
7.9949  (probably packed)

Code size:
23 KB (23,552 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to win15.securedc.com  (64.8.117.67:80)

TCP (HTTP):
Connects to host176.b5.trdns.com  (77.245.148.176:80)
