» nb650-install.exe
Overview
Analysis
File Details
Programs (1)
Downloads (2)

nb650-install.exe

DJI Interprises, LLC

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is installed with the program Newsbin Pro. The file has been seen being downloaded from www.newsbin.com and multiple other hosts.

File name:

nb650-install.exe

Publisher:

DJI Interprises, LLC (signed and verified)

MD5:

2ac73e3751782952d0b00149e1e01997

SHA-1:

d3c21686127582771446d5bc1a657d00abe39876

SHA-256:

e4117c5a3759ab17b91de77da4c13dd307071bf27d8fa5aaa39ba47eff01410f

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/26/2024 8:46:59 PM UTC (today)

Scan engine

Detection

Engine version

Rising Antivirus

PE:Malware.XPACK/RDM!5.1

23.00.65.131220

Trend Micro House Call

TROJ_GEN.F47V1211

7.2.356

File size:

1.8 MB (1,872,032 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\nb650-install.exe

Digital Signature

Signed by:

DJI Interprises, LLC

Authority:

Thawte, Inc.

Valid from:

5/8/2013 3:00:00 AM

Valid to:

5/29/2015 2:59:59 AM

Subject:

CN="DJI Interprises, LLC", OU=SECURE APPLICATION DEVELOPMENT, O="DJI Interprises, LLC", L=Fairfax, S=Virginia, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

3C67485F543CD668F0374C0218533175

File PE Metadata

Compilation timestamp:

12/6/2009 12:50:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:nTKk1QAharI15OnAvb30VQFKp0aM0Kk7Vgveg1:TKk1QwaA5f35raM0KN

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file nb650-install.exe has been discovered within the following program.

Newsbin Pro by DJI Interprises, LLC

About 8% of users remove it

The file nb650-install.exe has been seen being distributed by the following 2 URLs.

http://www.newsbin.com/download.php?reg=1&filename=nb650-install.exe&version=6.50

http://www.newsbin.com/download.php?reg=1&filename=nb650-install.exe&version=6.50-64

Scan nb650-install.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.