nmsrv.exe

Alchemy Network Monitor

Sergey Sushko

It runs as a separate Windows service (within the context of its own process) named “Alchemy Network Monitor”.
Publisher:
M.I.S. Helpers  (signed by Sergey Sushko)

Product:
Alchemy Network Monitor

Version:
10, 8, 5, 0

MD5:
4665a6cd143a77ce8178abfe276f9166

SHA-1:
41407d38eed2cf331f3a6443e88db8b133b333be

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
4/25/2024 11:33:13 PM UTC

Scan engine | Detection | Engine version
Clam AntiVirus | PUA.Packed.ASPack | 0.98/17211
Quick Heal | (Suspicious) - DNAScan | 8.16.11.00

File size:
588.2 KB (602,312 bytes)

Product version:
10, 8, 5, 0

Copyright:
Copyright (C) M.I.S. Helpers, 1999-2010

Original file name:
KHW.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\network management suite\alchemy network monitor\nmsrv.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
8/26/2009 5:00:00 PM

Valid to:
8/27/2010 4:59:59 PM

Subject:
CN=Sergey Sushko, O=Sergey Sushko, STREET=Vernadskogo 93-1-85, L=Moscow, S=MO, PostalCode=119526, C=RU

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
17AC2748B458B5782943ED1A32C313E2

File PE Metadata
Compilation timestamp:
6/28/2010 12:53:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:SPnWLYoPJ0M1kID1Bp91dmn+lVQxACpuZf0rTVxOnLVAK9Fc:4nWLHR0UkITH1dGe6x1w8rTb2Ls

Entry address:
0x1000

Entry point:
68, 01, 70, 5A, 00, E8, 01, 00, 00, 00, C3, C3, E4, 0E, 04, E0, 4E, 45, 82, C6, 83, 59, 56, 46, C6, C2, D4, 28, 35, 8B, 05, 60, 24, A8, AC, 8B, CE, 71, 9C, 19, 50, 54, B9, A3, 5E, 6C, 06, D1, 59, 1A, B5, 01, 92, F0, 9B, 67, 27, 1E, 6F, 46, D2, 77, 1D, C1, DE, E2, 5D, 76, D3, 35, 37, A9, DD, C7, BB, 63, 51, 76, 43, 4A, 82, A7, 77, B1, 6C, B9, 92, F5, 97, B6, 0E, CB, 9B, 07, 93, B7, B3, 77, 67, 74, E2, 91, B3, DF, 79, EC, 27, C8, 4D, 34, 86, AD, 75, CB, DE, ED, CE, BB, F5, F5, CE, FD, 32, 25, FA, 22, 5E, F6...
 

Entropy:
7.7576

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
1.2 MB (1,232,896 bytes)

Service
Display name:
Alchemy Network Monitor

Service name:
netmon

Type:
Win32OwnProcess

