home

nomtray.exe

Mobility

NetMotion Wireless Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘nomtray’.
Publisher:
NetMotion Wireless, Inc.  (signed by NetMotion Wireless Inc.)

Product:
Mobility

Description:
NetMotion Tray Icon

Version:
10.01.15112

MD5:
a97d7a7db5a56f97bafa8aaa47ca62c1

SHA-1:
9d3e714fac4bf783c071b233f159ef1fed8d6194

SHA-256:
0e7fe62d6ed7b0268ae18d8982147d63e4af233268eb3767203db71eedfdb67b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 10:30:27 AM UTC  (today)

File size:
834 KB (854,056 bytes)

Product version:
10.01.15112

Copyright:
Copyright © 1999-2013 NetMotion Wireless, Inc.

Trademarks:
NetMotion is a registered trademark of NetMotion Wireless, Inc.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\netmotion client\nomtray.exe

Digital Signature
Signed by:
NetMotion Wireless Inc.

Authority:
Thawte, Inc.

Valid from:
4/11/2012 8:00:00 PM

Valid to:
5/9/2014 7:59:59 PM

Subject:
CN=NetMotion Wireless Inc., OU=DEVELOPMENT SERVICES, O=NetMotion Wireless Inc., L=Seattle, S=Washington, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3BAC12C0A5101692AC8428F0D51BC993

File PE Metadata
Compilation timestamp:
9/19/2013 6:50:36 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:C7s8M7E6yjwOLEGTGMq3BJy+Nn2baNBcpYKZLnMqW:N8M7LyjhL0h3BJHNDgnMR

Entry address:
0x179D1

Entry point:
E8, 07, 8F, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 56, 8B, 75, 0C, 56, E8, 21, 9B, 00, 00, 89, 45, 0C, 8B, 46, 0C, 59, A8, 82, 75, 17, E8, 40, 0E, 00, 00, C7, 00, 09, 00, 00, 00, 83, 4E, 0C, 20, 83, C8, FF, E9, 2F, 01, 00, 00, A8, 40, 74, 0D, E8, 25, 0E, 00, 00, C7, 00, 22, 00, 00, 00, EB, E3, 53, 33, DB, A8, 01, 74, 16, 89, 5E, 04, A8, 10, 0F, 84, 87, 00, 00, 00, 8B, 4E, 08, 83, E0, FE, 89, 0E, 89, 46, 0C, 8B, 46, 0C, 83, E0, EF, 83, C8, 02, 89, 46, 0C, 89, 5E, 04, 89, 5D, FC, A9, 0C, 01, 00...
 
[+]

Entropy:
5.7398

Code size:
188 KB (192,512 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
nomtray

Command:
C:\Program Files\netmotion client\nomtray.exe


Scan nomtray.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.