nhmiph64.exe

Dupulu Sacgoqiizu Hid

The application nhmiph64.exe by Dupulu Sacgoqiizu Hid has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-54-192-159-145.sin3.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Dupulu Sacgoqiizu Hid  (signed and verified)

Version:
1.0.0.3

MD5:
5c35a794d5deb116176d8ac9a1e3ddf5

SHA-1:
ea41ff720284efdb031afe4a4c2bdf1232a86748

SHA-256:
851806333f79c31dc14910bc7cc0a79d5c0558c044dca5573a05044f8421faaf

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 1:36:46 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.ShopperZ.DupuluSacgoqiizuHid.Meta (M)

Engine version:
16.2.15.19

File size:
456.3 KB (467,296 bytes)

Product version:
1.0.0.3

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\shopperz150220161747\nhmiph64.exe

Digital Signature
Authority:
Dupulu Sacgoqiizu Hid

Valid from:
2/15/2016 10:47:41 PM

Valid to:
2/14/2017 10:47:41 PM

Subject:
CN=Ryfti Alhcub, O=Dupulu Sacgoqiizu Hid, L=Xilypelb, S=Jonniatfu, C=US

Issuer:
CN=Keq Wuuhf, O=Dupulu Sacgoqiizu Hid, L=Xilypelb, S=Jonniatfu, C=US

Serial number:
01

File PE Metadata
Compilation timestamp:
2/15/2016 10:50:14 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:gCvs4IuwT8nfkkxg2Qdu2LhqHzyYoEbceAYtgE+DG/kGFPGO4JaQkKcV3oo6OAFr:CXT8nFEHFqTyYoEbVAYKDmHJXA1

Entry address:
0x222C0

Entry point:
48, 83, EC, 28, E8, 0F, 05, 00, 00, 48, 83, C4, 28, E9, 72, FE, FF, FF, CC, CC, 83, 25, 95, F7, 03, 00, 00, C3, 48, 89, 5C, 24, 08, 55, 48, 8D, AC, 24, 40, FB, FF, FF, 48, 81, EC, C0, 05, 00, 00, 8B, D9, B9, 17, 00, 00, 00, E8, 99, 05, 02, 00, 85, C0, 74, 04, 8B, CB, CD, 29, 83, 25, 64, F7, 03, 00, 00, 48, 8D, 4D, F0, 33, D2, 41, B8, D0, 04, 00, 00, E8, C3, 3A, 00, 00, 48, 8D, 4D, F0, FF, 15, F1, 2F, 02, 00, 48, 8B, 9D, E8, 00, 00, 00, 48, 8D, 95, D8, 04, 00, 00, 48, 8B, CB, 45, 33, C0, FF, 15, CF, 2F, 02...

Entropy:
6.2197

Code size:
272 KB (278,528 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-159-145.sin3.r.cloudfront.net  (54.192.159.145:80)

TCP (HTTP):
Connects to map2.hwcdn.net  (205.185.216.42:80)
