» netsfere.exe
Overview
Analysis
File Details
Behaviors (1)

netsfere.exe

AS Sertifitseerimiskeskus

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘NetSfere’.

File name:

netsfere.exe

Publisher:

AS Sertifitseerimiskeskus (signed and verified)

MD5:

486a4e87f7fc0d4fdad4d97c5c2ca108

SHA-1:

0833016fd2dfb5489323c08361873162c223aafb

SHA-256:

552a3b96f93545d8ae487e2ac6045904fdb982a7decbb0683ef00fb3d2f947f0

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 1:19:48 AM UTC (today)

File size:

39.4 MB (41,287,826 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\netsfere\netsfere.exe

Digital Signature

Signed by:

AS Sertifitseerimiskeskus

Authority:

AS Sertifitseerimiskeskus

Valid from:

10/30/2010 3:40:30 PM

Valid to:

12/18/2030 5:29:59 AM

Subject:

E=pki@sk.ee, CN=EE Certification Centre Root CA, O=AS Sertifitseerimiskeskus, C=EE

Issuer:

E=pki@sk.ee, CN=EE Certification Centre Root CA, O=AS Sertifitseerimiskeskus, C=EE

Serial number:

5480F9A073ED3F004CCA89D8E371E64A

File PE Metadata

Compilation timestamp:

2/19/2014 2:36:14 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

786432:CqoAkEy88PjBHvaQy/yBtn/RbRZb2QI6LqMQ05tnVBXL8Xvu2ae85ko9w0xyaWuH:3kEy88Pj5vaQyM/R7b2F6LqUjVBXL8Xs

Entry address:

0x1863FD6

Entry point:

E8, 5A, DC, 00, 00, E9, 89, FE, FF, FF, B8, 7A, 27, C7, 01, A3, 88, 80, 9C, 02, C7, 05, 8C, 80, 9C, 02, 70, 1E, C7, 01, C7, 05, 90, 80, 9C, 02, 24, 1E, C7, 01, C7, 05, 94, 80, 9C, 02, 5D, 1E, C7, 01, C7, 05, 98, 80, 9C, 02, C6, 1D, C7, 01, A3, 9C, 80, 9C, 02, C7, 05, A0, 80, 9C, 02, F2, 26, C7, 01, C7, 05, A4, 80, 9C, 02, E2, 1D, C7, 01, C7, 05, A8, 80, 9C, 02, 44, 1D, C7, 01, C7, 05, AC, 80, 9C, 02, D0, 1C, C7, 01, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, 48, E7, 00, 00, DB... 
[+]

Entropy:

6.8620

Code size:

31 MB (32,465,408 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

NetSfere

Command:

"C:\Program Files\netsfere\netsfere.exe"

Scan netsfere.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.