home

nca_certd.exe

certreg Application

CYBERLOTUS VIETNAM TECHNOLOGY JSC

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘NCA Token Manager 1.0_vtc_newtel-ca’.
Publisher:
NewTel-CA  (signed by CYBERLOTUS VIETNAM TECHNOLOGY JSC)

Product:
certreg Application

Description:
NewTel-CA MFC Application

Version:
1, 0, 14, 305

MD5:
92bb337881ca4ef1bd5d155fb1faba0f

SHA-1:
da6931285cd303ed4b306d9e79cd971b9bf7f5bb

SHA-256:
d81b3b79eb7e50e3c6333377280b91f1b4d2c975089944f2e054fa04cc2c0509

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 2:32:09 AM UTC  (today)

File size:
143 KB (146,480 bytes)

Product version:
1, 0, 14, 305

Copyright:
Copyright (C) 2013 NewTel-CA

Original file name:
certreg.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\newca\nca token manager 1.0\nca_certd.exe

Digital Signature
Signed by:
CYBERLOTUS VIETNAM TECHNOLOGY JSC

Authority:
Thawte, Inc.

Subject:
CN=CYBERLOTUS VIETNAM TECHNOLOGY JSC, OU=IT Department, O=CYBERLOTUS VIETNAM TECHNOLOGY JSC, L=Ha Noi, S=Vietnam, C=VN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2AFEB069D18BB5D1288E4D2587BE928E

File PE Metadata
Compilation timestamp:
3/5/2014 2:36:59 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:YxdIhR2nzWUl6uK3K/QBwib2qUcqvpWu5nsQILWvPp/ik++jJjofpYU25JXz9K:6bn6Y5KpBwibwpnzJ6p6+xoBz9K

Entry address:
0x13EF4

Entry point:
55, 8B, EC, 6A, FF, 68, 60, 70, 41, 00, 68, 8E, 41, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 94, 64, 41, 00, 59, 83, 0D, 48, E3, 41, 00, FF, 83, 0D, 4C, E3, 41, 00, FF, FF, 15, 98, 64, 41, 00, 8B, 0D, 3C, E3, 41, 00, 89, 08, FF, 15, 9C, 64, 41, 00, 8B, 0D, 38, E3, 41, 00, 89, 08, A1, 3C, 65, 41, 00, 8B, 00, A3, 44, E3, 41, 00, E8, 28, 02, 00, 00, 39, 1D, 10, D9, 41, 00, 75, 0C, 68, 8A, 41, 41, 00, FF, 15...
 
[+]

Entropy:
5.9060

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
83.5 KB (85,504 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
NCA Token Manager 1.0_vtc_newtel-ca

Command:
C:\Program Files\newca\nca token manager 1.0\nca_certd.exe


Scan nca_certd.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.