home

NediskUp.exe

내디스크 업로드 프로그램

dreamhands

The application NediskUp.exe by dreamhands has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
dreamhands  (signed and verified)

Product:
내디스크 업로드 프로그램

Version:
1.2.1.2

MD5:
04c7bae0a233dfabde6fac319daae6e5

SHA-1:
de79c2297b9981c6d0b5512f74ee7f3847917527

SHA-256:
41d131928b49c09ca07cfe0f528c7157e87280278f7eacb92d2862699ed4fa4d

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/26/2024 9:57:58 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.dreamhands (M)
15.11.4.8

File size:
1.9 MB (2,021,984 bytes)

Product version:
1.2.1.2

Copyright:
dreamhands All rights reserved.

Trademarks:
NEDISK

Original file name:
NediskUp.exe

File type:
Executable application (Win32 EXE)

Language:
Korean (Korea)

Common path:
C:\Program Files\nedisk\nediskup.exe

Digital Signature
Signed by:
dreamhands

Authority:
Thawte, Inc.

Valid from:
1/18/2013 7:00:00 PM

Valid to:
2/18/2014 6:59:59 PM

Subject:
CN=dreamhands, OU=Dev. Team, O=dreamhands, L=Haewoondae-gu, S=Busan, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0B697326E41B037E18A3A60272DCE067

File PE Metadata
Compilation timestamp:
10/22/2013 11:20:39 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:JnErub8DMldMk9H+xn/QnzBxEe9V2pOUBb+2x3YhEWgv:JnErub8wp8nYzFui2xohEWgv

Entry address:
0x2910A

Entry point:
E8, 84, 04, 00, 00, E9, 63, FD, FF, FF, 6A, 14, 68, 68, 81, 43, 00, E8, D0, 01, 00, 00, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B, 4D, 08, 2B, 4D, 0C, 89, 4D, 08, FF, 55, 14, EB, ED, 8B, 45, EC, 89, 45, E4, 8B, 45, E4, 8B, 00, 89, 45, E0, 8B, 45, E0, 81, 38, 63, 73, 6D, E0, 74, 0B, C7, 45, DC, 00, 00, 00, 00, 8B, 45, DC, C3, E8, CE, 04, 00, 00, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, C6, 01, 00, 00, C2, 10, 00, 6A, 0C, 68, 88, 81, 43, 00, E8, 72, 01, 00, 00, 83, 65, E4, 00, 8B, 75, 0C, 8B, C6, 0F, AF, 45...
 
[+]

Entropy:
4.3628

Code size:
172 KB (176,128 bytes)

Windows Firewall Allowed Program
Name:
C:\Program Files\NeDisk\NeDiskUp.exe


Remove NediskUp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.