home

n2a_r2s.exe

N2A Restore2Stock

N2A Cards LLC

This is a setup program which is used to install the application. The file has been seen being downloaded from s3.amazonaws.com.
Publisher:
www.n2aos.com  (signed by N2A Cards LLC)

Product:
N2A Restore2Stock

Version:
2.0.0

MD5:
29c23b6d6dfaa9188dfe92215053b0b5

SHA-1:
996136162fdc6910e90d302abc29440077ad187d

SHA-256:
1b54d116c1b4ca58e3c8813152c25386b337077e6629d93b1ce10d675b71b2e2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/28/2024 1:22:54 PM UTC  (today)

File size:
20.7 MB (21,732,000 bytes)

Product version:
2.0.0

Copyright:
(c) N2A LLC. All rights reserved.

Original file name:
n2a_r2s.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\n2a_r2s.exe

Digital Signature
Signed by:
N2A Cards LLC

Authority:
DigiCert Inc

Valid from:
5/23/2014 8:00:00 PM

Valid to:
7/28/2015 8:00:00 AM

Subject:
CN=N2A Cards LLC, O=N2A Cards LLC, L=Scottsdale, S=Arizona, C=US

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
01BF451A3DA809BA0FEF4DD10A293F3F

File PE Metadata
Compilation timestamp:
6/14/2014 5:12:43 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
393216:IecnaslhlfaJt6eTTQmV7vF20mvmRUTRwYe1c2kcQF/AIiZRisetOdQNyEsVq166:IysAMeImV78vs6mYe1c2cxgRqhN1sVGP

Entry address:
0x139F7

Entry point:
E8, 3F, 54, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 90, 6C, 43, 00, 75, 02, F3, C3, E9, C1, 54, 00, 00, 8B, 4C, 24, 08, 57, 53, 56, 8A, 11, 8B, 7C, 24, 10, 84, D2, 74, 6F, 8A, 71, 01, 84, F6, 74, 55, 8B, F7, 8B, 4C, 24, 14, 8A, 07, 83, C6, 01, 3A, C2, 74, 17, 84, C0, 74, 0D, 8A, 06, 83, C6, 01, 3A, C2, 74, 0A, 84, C0, 75, F3, 5E, 5B, 5F, 33, C0, C3, 8A, 06, 83, C6, 01, 3A, C6, 75, E9, 8D, 7E, FF, 8A, 61, 02, 84, E4, 74, 28, 8A, 06, 83, C6, 02, 3A, C4, 75, BE, 8A, 41, 03, 84, C0, 74, 18, 8A, 66, FF, 83, C1, 02...
 
[+]

Entropy:
7.9885  (probably packed)

Code size:
157 KB (160,768 bytes)

The file n2a_r2s.exe has been seen being distributed by the following URL.

https://s3.amazonaws.com/n2a-images/.../n2a_r2s.exe

Scan n2a_r2s.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.