home

necmfk.exe

One-touch Start Buttons(x64)

NEC Personal Computers, Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘NECMFK’.
Publisher:
NEC Personal Computers, Ltd.  (signed and verified)

Product:
One-touch Start Buttons(x64)

Description:
NECMFK

Version:
1, 4, 2, 39

MD5:
2893146cc0c2630d41b077d4b2e303d3

SHA-1:
ee2162f947dcbcd5577e2acb8163c7a266fdd4f3

SHA-256:
6e3b2d38fd0418cbfeb29740710bc7c8e9b7b95f26f749cf1164497acbbb250a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 11:40:44 PM UTC  (a few moments ago)

File size:
151.9 KB (155,536 bytes)

Product version:
6.0.0.0

Copyright:
Copyright (C) NEC Personal Computers, Ltd. 2003-2012

Original file name:
necmfk.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\necmfk\necmfk.exe

Digital Signature
Signed by:
NEC Personal Computers, Ltd.

Authority:
VeriSign, Inc.

Valid from:
7/18/2011 7:00:00 PM

Valid to:
7/18/2012 6:59:59 PM

Subject:
CN="NEC Personal Computers, Ltd.", OU=PDD1, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="NEC Personal Computers, Ltd.", L=Shinagawa-ku, S=Tokyo, C=JP

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
29F9386C30DD6D9E06204082F226BD8C

File PE Metadata
Compilation timestamp:
8/22/2011 7:34:39 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:0KtabCMn5xIS5tAks3WVuf7RbLQ9PTST4A9n/bH9mSs8hpIV3L7:0KtaCK5x35tAkef9biPWMAt/bF1cVP

Entry address:
0x100A0

Entry point:
48, 83, EC, 28, E8, A7, 3D, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 48, 8D, 59, 1C, 48, 8B, F1, BF, 01, 01, 00, 00, 48, 8B, CB, 4C, 8B, C7, 33, D2, E8, D8, F1, FF, FF, 45, 33, DB, 4C, 8D, 05, 0E, 21, 01, 00, 44, 89, 5E, 04, 44, 89, 5E, 08, 44, 89, 5E, 0C, 4C, 89, 5E, 10, 4C, 2B, C6, 44, 89, 5E, 18, 66, 66, 90, 66, 66, 66, 90, 41, 0F, B6, 04, 18, 48, 83, C3, 01, 48, 83, EF, 01, 88, 43, FF...
 
[+]

Entropy:
6.1277

Code size:
103.5 KB (105,984 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
NECMFK

Command:
C:\Program Files\necmfk\necmfk.exe


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.