home

NediskUp.exe

내디스크 업로드 프로그램

dreamhands

The application NediskUp.exe by dreamhands has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
dreamhands  (signed and verified)

Product:
내디스크 업로드 프로그램

Version:
1.2.1.4

MD5:
1a622b3656240e5019df62569a779e5d

SHA-1:
2f171518c0caaff89cde52b95d903d0c2d8d0959

SHA-256:
4b4a003a91a4105ca17e015e9026259238e44cc44c6210cb19a76c3f96122755

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/25/2024 1:24:13 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.dreamhands
15.3.1.12

File size:
1.9 MB (2,016,864 bytes)

Product version:
1.2.1.4

Copyright:
dreamhands All rights reserved.

Trademarks:
NEDISK

Original file name:
NediskUp.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\nedisk\nediskup.exe

Digital Signature
Signed by:
dreamhands

Authority:
Thawte, Inc.

Valid from:
1/19/2013 9:00:00 AM

Valid to:
2/19/2014 8:59:59 AM

Subject:
CN=dreamhands, OU=Dev. Team, O=dreamhands, L=Haewoondae-gu, S=Busan, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0B697326E41B037E18A3A60272DCE067

File PE Metadata
Compilation timestamp:
12/11/2013 3:47:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:HGYcYxBgqylNM3ytVdahVO8nY2x3YhEWgKs:HjxBvyPCWUhS2xohEWgx

Entry address:
0x287C3

Entry point:
E8, 30, 05, 00, 00, E9, 36, FD, FF, FF, 6A, 14, 68, 48, 74, 43, 00, E8, CF, 01, 00, 00, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B, 4D, 08, 2B, 4D, 0C, 89, 4D, 08, FF, 55, 14, EB, ED, 8B, 45, EC, 89, 45, E4, 8B, 45, E4, 8B, 00, 89, 45, E0, 8B, 45, E0, 81, 38, 63, 73, 6D, E0, 74, 0B, C7, 45, DC, 00, 00, 00, 00, 8B, 45, DC, C3, E8, 75, 05, 00, 00, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, C5, 01, 00, 00, C2, 10, 00, 6A, 0C, 68, 68, 74, 43, 00, E8, 71, 01, 00, 00, 83, 65, E4, 00, 8B, 75, 0C, 8B, C6, 0F, AF, 45...
 
[+]

Entropy:
4.3553

Code size:
170 KB (174,080 bytes)

Windows Firewall Allowed Program
Name:
C:\Program Files (x86)\NeDisk\NeDiskUp.exe


Remove NediskUp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.