home

NediskUp.exe

내디스크 업로드 프로그램

dreamhands

The application NediskUp.exe by dreamhands has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
dreamhands  (signed and verified)

Product:
내디스크 업로드 프로그램

Version:
1.2.1.2

MD5:
f346770cacf11e986f0b345555f706d5

SHA-1:
81f8253177a9e62e95ce5ca0c77cc41fc288ea41

SHA-256:
e4eb75ef023313172d7d9f2d8e1b44de7443d1a0fb6076c5e43b13b90243fb44

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/25/2024 7:14:22 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.dreamhan (M)
16.7.2.18

File size:
1.9 MB (2,021,472 bytes)

Product version:
1.2.1.2

Copyright:
dreamhands All rights reserved.

Trademarks:
NEDISK

Original file name:
NediskUp.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\nedisk\nediskup.exe

Digital Signature
Signed by:
dreamhands

Authority:
Thawte, Inc.

Valid from:
1/19/2013 9:00:00 AM

Valid to:
2/19/2014 8:59:59 AM

Subject:
CN=dreamhands, OU=Dev. Team, O=dreamhands, L=Haewoondae-gu, S=Busan, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0B697326E41B037E18A3A60272DCE067

File PE Metadata
Compilation timestamp:
8/9/2013 11:43:18 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:cvUVyBi0WAeRxnDB2iVypKQMln2qOUU8+2x3YhEWg4:cvUVyBi0IxA4yis12xohEWg4

Entry address:
0x28F8A

Entry point:
E8, 84, 04, 00, 00, E9, 63, FD, FF, FF, 6A, 14, 68, B8, 80, 43, 00, E8, D0, 01, 00, 00, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B, 4D, 08, 2B, 4D, 0C, 89, 4D, 08, FF, 55, 14, EB, ED, 8B, 45, EC, 89, 45, E4, 8B, 45, E4, 8B, 00, 89, 45, E0, 8B, 45, E0, 81, 38, 63, 73, 6D, E0, 74, 0B, C7, 45, DC, 00, 00, 00, 00, 8B, 45, DC, C3, E8, CE, 04, 00, 00, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, C6, 01, 00, 00, C2, 10, 00, 6A, 0C, 68, D8, 80, 43, 00, E8, 72, 01, 00, 00, 83, 65, E4, 00, 8B, 75, 0C, 8B, C6, 0F, AF, 45...
 
[+]

Entropy:
4.3614

Code size:
171.5 KB (175,616 bytes)

Windows Firewall Allowed Program
Name:
C:\Program Files (x86)\NeDisk\NeDiskUp.exe


Remove NediskUp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.