nadlprintmanager.exe

National Assembly Library Integrated Viewer (Print Module)

National Assembly Library

The application nadlprintmanager.exe, “National Assembly Library Integrated Viewer (Print Module) Setup” by National Assembly Library, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from dl.nanet.go.kr.

Publisher:
National Assembly Library (signed and verified)

Product:
National Assembly Library Integrated Viewer (Print Module) (original name: 국회도서관 통합뷰어(인쇄모듈))

Description:
National Assembly Library Integrated Viewer (Print Module) Setup

MD5:
915a924f4bfc5f8638819d81dcda0f0e

SHA-1:
953271a4e04d11bde1795e27cc0fcf02588f046b

SHA-256:
9ec3659c31cf47f0b93f572b85f4300bcd24f44c560a961aa4071eb6af19d668

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars.

Analysis date:
5/4/2024 7:25:49 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.IM (L)

Engine version:
17.3.14.4

File size:
1.7 MB (1,774,840 bytes)

Copyright:
National Assembly Library

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\nadlprintmanager.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/8/2011 9:00:00 AM

Valid to:
3/9/2013 8:59:59 AM

Subject:
CN=National Assembly Library, O=National Assembly Library, L=yeongdungpogu, S=seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
77D97FAD35A23F94036E5B7FBB06B0AB

File PE Metadata
Compilation timestamp:
6/20/1992 7:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...

Entropy:
7.9927

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file nadlprintmanager.exe has been seen being distributed from the following URL.

http://dl.nanet.go.kr/html/.../NADLPrintManager.exe
