NexServ.exe

NexCafé

Nextar Tecnologia de Software Ltda

The application NexServ.exe by Nextar Tecnologia de Software has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler named DealPly triggered daily at a specified time.
Publisher:
Nextar (signed by Nextar Tecnologia de Software Ltda)

Product:
NexCafé

Description:
Servidor NexCafé

Version:
5.0.0.196

MD5:
3fd6ac3bde95aa49d149921b0fc9c92c

SHA-1:
a73b9f4f6f900b9d2a034ad8b0367f7d2951466f

SHA-256:
700aa10d2fe6941664a88d91eec62d8274f8dba5b6aa1bad90674a1cd506b3ef

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 4:55:55 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Dealply (M)

Engine version:
16.8.25.10

File size:
21.8 MB (22,882,192 bytes)

Product version:
5.0

Original file name:
NexServ.exe

File type:
Executable application (Win32 EXE)

Language:
Brazilian Portuguese

Digital Signature
Authority:
DigiCert Inc

Valid from:
5/16/2012 9:00:00 PM

Valid to:
5/22/2013 9:00:00 AM

Subject:
CN=Nextar Tecnologia de Software Ltda, O=Nextar Tecnologia de Software Ltda, L=Florianopolis, S=Santa Catarina, C=BR

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
05C89EF595CDCD0B233BDBC9162340BB

File PE Metadata
Compilation timestamp:
4/3/2013 10:56:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:Q9l6iFPJkcm1a5UlGtuehKUzzBiALkgqSK8EqDIrwJjyb1ESYEwYGcsr8Dy4diWF:Q1m1WVWQIIyJE1EPTiojeVHAN

Entry address:
0xAD0BFB

Entry point:
E9, F0, 57, 00, 00, 05, 74, A7, F0, 87, 26, 31, 3A, D7, CB, B8, F8, 7A, CD, 13, 78, 3D, D3, FF, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 75, 1F, 5D, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 77, EF, 75, 09, 8B, 1E, 83, EE, FC, 8B, D8, 52, 68, 8A, B0, 48, AC, 5A, 81, C2, BD, A8, A7, 54, E9, 56, 4F, FE, FF, E8, 64, 97, FD, FF, AA, CC, 8D, 34, C6, 0E, 20, 6D, E8, 6C, 08, 01, 00, 2F, 59, FC, 69, C0, 0E, A0, 3B, 81, E2, 35, 1B, 77, 65, E8, E2, 9A, FD...
 

Packer / compiler:
Xtreme-Protector v1.05

Code size:
10 MB (10,456,576 bytes)

Scheduled Task
Task name:
DealPly

Trigger:
Daily (Runs daily at 0:58)

