home

nardy_setup.exe

Installer Application

Skill on Net ltd

The application nardy_setup.exe, “Installer MFC Application” by Skill on Net ltd has been detected as a potentially unwanted program by 10 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
Skill on Net ltd  (signed and verified)

Product:
Installer Application

Description:
Installer MFC Application

Version:
1, 0, 0, 1

MD5:
fb1aa27a5c26114fb5618e202d8c8ce5

SHA-1:
a51826a6960b1c707552c1349f6fe781e950bcf6

SHA-256:
1f08f575059c8b055690d6498ce219f392e17c0db977c8bd3edb70f773ed09f0

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 3:55:45 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.DownLoader3.50860
9.0.1.043

F-Prot
W32/InstallFlash.A.gen
v6.4.7.1.166

IKARUS anti.virus
not-a-virus:Downloader.InstallFlash
t3scan.1.9.5.0

K7 AntiVirus
Riskware
13.212.17963

McAfee
Artemis!FB1AA27A5C26
5600.6491

NANO AntiVirus
Trojan.Win32.DownLoader3.ozbrg
0.30.26.4751

Sophos
SkillOnNet Online Games (PUA)
4.98

Vba32 AntiVirus
Downloader.InstallFlash
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
45416

Zillya! Antivirus
Downloader.InstallFlash.Win32.1
2.0.0.2527

File size:
304.6 KB (311,952 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2006

Original file name:
Installer.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\nardy_setup.exe

Digital Signature
Signed by:
Skill on Net ltd

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/18/2009 2:00:00 AM

Valid to:
2/19/2011 1:59:59 AM

Subject:
CN=Skill on Net ltd, OU=SECURE APPLICATION DEVELOPMENT, O=Skill on Net ltd, L=Gibraltar, S=Gibraltar, C=GI

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
69D0CD252E0EC2288586193F28BF60F3

File PE Metadata
Compilation timestamp:
12/8/2010 5:12:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
3072:ivVGhmhxAxLjgS4jcFWkLuaexJe6mOCpbbxCdx5VnqVb910u+kWZqweV9XoeAHsS:KymheFgRYWxe6opPxMAbIuiZCFe5N

Entry address:
0x177DC

Entry point:
6A, 60, 68, 18, 81, 43, 00, E8, B0, DE, FF, FF, BF, 94, 00, 00, 00, 8B, C7, E8, FC, DF, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, F8, 22, 43, 00, 8B, 4E, 10, 89, 0D, CC, D8, 44, 00, 8B, 46, 04, A3, D8, D8, 44, 00, 8B, 56, 08, 89, 15, DC, D8, 44, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, D0, D8, 44, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, D0, D8, 44, 00, C1, E0, 08, 03, C2, A3, D4, D8, 44, 00, 33, F6, 56, 8B, 3D, D0, 21, 43, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
196 KB (200,704 bytes)

Remove nardy_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.