» netsynccontentguard.exe
Overview
Analysis
File Details
Behaviors (1)

netsynccontentguard.exe

잉카엔트웍스 NetsyncContentGaurd

Inka Entworks Corp

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘NCG’.

File name:

Publisher:

INKAENTWORKS INC. (signed by Inka Entworks Corp)

Product:

잉카엔트웍스 NetsyncContentGaurd

Description:

NetsyncContentGaurd

Version:

1, 1, 1304, 2410

MD5:

aafce49eb5d6b8a64718add5de6391ef

SHA-1:

1c4bd301253cf01f058953ee9f8fbaddb8ea9f75

SHA-256:

a83b9fcd18f2161251e327b5137c9742fe5e96deff7c97e7625ab1882a7f605e

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/24/2024 1:56:28 AM UTC (today)

Scan engine

Detection

Engine version

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.4

File size:

2.5 MB (2,611,184 bytes)

Product version:

1, 1, 1304, 2410

Original file name:

NetsyncContentGaurd.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\ncg\netsynccontentguard.exe

Digital Signature

Signed by:

Inka Entworks Corp

Authority:

GlobalSign nv-sa

Valid from:

6/5/2012 6:50:19 AM

Valid to:

9/12/2013 5:33:58 AM

Subject:

CN=Inka Entworks Corp, OU=DevTeam, O=Inka Entworks Corp, L=Gangnam-gu, S=Seoul, C=KR

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112178C02402E395EA9B03B5D3A79085BDD0

File PE Metadata

Compilation timestamp:

4/24/2013 1:06:33 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:AmDVm7nKb4zpa/6jS4yoXAbusuSXB/sze2YPdLgDS9:h4rKGa/l4yowNuSt/2YPdLX

Entry address:

0x15A426

Entry point:

E8, D1, 2F, 01, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 51, 8B, 45, 0C, 57, 8B, 7D, 08, 85, C0, 74, 02, 89, 38, 85, FF, 75, 17, E8, 45, 0D, 00, 00, C7, 00, 16, 00, 00, 00, E8, CC, B1, 00, 00, 33, C0, E9, 90, 01, 00, 00, 83, 7D, 10, 00, 74, 0C, 83, 7D, 10, 02, 7C, DD, 83, 7D, 10, 24, 7F, D7, 83, 65, FC, 00, 53, 56, 6A, 08, 5B, 0F, B7, 37, 53, 56, 83, C7, 02, E8, 14, 27, 01, 00, 59, 59, 85, C0, 75, ED, 66, 83, FE, 2D, 75, 06, 83, 4D, 14, 02, EB, 06, 66, 83, FE, 2B, 75, 06, 0F, B7, 37, 83, C7, 02, 83... 
[+]

Entropy:

6.7600

Code size:

1.6 MB (1,673,216 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

NCG

Command:

C:\Program Files\ncg\netsynccontentguard.exe

Scan netsynccontentguard.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.