home

nomtray.exe

Mobility

NetMotion Wireless Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘nomtray’.
Publisher:
NetMotion Wireless, Inc.  (signed by NetMotion Wireless Inc.)

Product:
Mobility

Description:
NetMotion Tray Icon

Version:
9.51.51571

MD5:
021891101eac842809247ddfbf9093e3

SHA-1:
32052503c6a3ac2090b0e017e6aff2d6b53ec6f7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 5:00:11 PM UTC  (today)

File size:
530.6 KB (543,344 bytes)

Product version:
9.51.51571

Copyright:
Copyright © 1999-2012 NetMotion Wireless, Inc.

Trademarks:
NetMotion is a registered trademark of NetMotion Wireless, Inc.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\netmotion client\nomtray.exe

Digital Signature
Signed by:
NetMotion Wireless Inc.

Authority:
Thawte, Inc.

Valid from:
4/11/2012 7:00:00 PM

Valid to:
5/9/2014 6:59:59 PM

Subject:
CN=NetMotion Wireless Inc., OU=DEVELOPMENT SERVICES, O=NetMotion Wireless Inc., L=Seattle, S=Washington, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3BAC12C0A5101692AC8428F0D51BC993

File PE Metadata
Compilation timestamp:
11/30/2012 2:38:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:ijN6zP6KdShCFtcoEW04KyVhEHE+uYiA/1KGzbKGz6uHnfkvZ1alKGz2oHvwpLtG:eNeWCHcoEWUwEk+uOAoHoLtG

Entry address:
0x16DAB

Entry point:
E8, EF, 71, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 56, 8B, 75, 0C, 56, E8, 09, 7E, 00, 00, 89, 45, 0C, 8B, 46, 0C, 59, A8, 82, 75, 17, E8, 40, 0E, 00, 00, C7, 00, 09, 00, 00, 00, 83, 4E, 0C, 20, 83, C8, FF, E9, 2F, 01, 00, 00, A8, 40, 74, 0D, E8, 25, 0E, 00, 00, C7, 00, 22, 00, 00, 00, EB, E3, 53, 33, DB, A8, 01, 74, 16, 89, 5E, 04, A8, 10, 0F, 84, 87, 00, 00, 00, 8B, 4E, 08, 83, E0, FE, 89, 0E, 89, 46, 0C, 8B, 46, 0C, 83, E0, EF, 83, C8, 02, 89, 46, 0C, 89, 5E, 04, 89, 5D, FC, A9, 0C, 01, 00...
 
[+]

Entropy:
5.4708

Code size:
187 KB (191,488 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
nomtray

Command:
C:\Program Files\netmotion client\nomtray.exe


Scan nomtray.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.