home

nbSched.exe

NEC Battery Refresh Utility

NEC Personal Products, Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘NECBatt’.
Publisher:
NEC Corporation, NEC Personal Products, Ltd.  (signed by NEC Personal Products, Ltd.)

Product:
NEC Battery Refresh Utility

Description:
NEC Battery Refresh Utility - Scheduler

Version:
1, 9, 0, 2

MD5:
b19af0844285fc6b4c3527c196e059b4

SHA-1:
0949d247adcee6732257a1d4b32cf0152a312203

SHA-256:
fc521a0405a6fb50ac43ec14f6db31307042b651800d16d243eb817174968ba6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/27/2024 4:11:12 AM UTC  (today)

File size:
312.9 KB (320,400 bytes)

Product version:
1, 0, 0, 0

Copyright:
(C) NEC Corporation, NEC Personal Products, Ltd. 2007-2011

Original file name:
nbSched.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\necbatt\nbsched.exe

Digital Signature
Signed by:
NEC Personal Products, Ltd.

Authority:
VeriSign, Inc.

Valid from:
1/18/2011 9:00:00 AM

Valid to:
1/19/2012 8:59:59 AM

Subject:
CN="NEC Personal Products, Ltd.", OU=002, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="NEC Personal Products, Ltd.", L=Shinagawa-ku, S=Tokyo, C=JP

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
61D18BBB183CA8C70C9E42C6A6DA2683

File PE Metadata
Compilation timestamp:
6/9/2011 11:38:49 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:0IBOwSFij6JrPYaVyl74OvAtLswZOV8d+1hpVf/miQfNLO4b9PMO:3BO5FsmchDAtLswMxpVf/5QVL7b5

Entry address:
0x11090

Entry point:
48, 83, EC, 28, E8, 47, 5C, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 8D, 05, 41, A7, 01, 00, 48, 89, 01, 33, C0, 48, 89, 41, 08, 89, 41, 10, 48, 8B, C1, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 48, 8D, 05, 12, A7, 01, 00, 48, 8B, F2, 48, 8B, D9, 48, 89, 01, 48, 8B, 3A, 48, 85, FF, 74, 46, 48, 83, C9, FF, 33, C0, F2, AE, 48, F7, D1, 48, 8D, 79, FF, E8, 45, 5D, 00, 00, 48, 85, C0, 48, 89...
 
[+]

Entropy:
6.7526

Code size:
165 KB (168,960 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
NECBatt

Command:
C:\Program Files\necbatt\nbsched.exe


Scan nbSched.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.