home

NonElevatedInvoker.exe

NonElevatedInvoker

NetWrix Corporation

Publisher:
NetWrix Corporation  (signed and verified)

Product:
NonElevatedInvoker

Version:
1.0.85.0

MD5:
c1cc67d20aa0dbaf679bdace453b3614

SHA-1:
bc3179a4d396af65560387d49706bcfe707b7bb2

SHA-256:
cb004e89f464c5daf011b607b3e4606a9fa844a378aa7c95f84feee7ace1b983

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/25/2024 2:45:59 PM UTC  (today)

Scan engine
Detection
Engine version

IKARUS anti.virus
Trojan-Downloader.Dapato
t3scan.1.9.5.0

File size:
41.3 KB (42,304 bytes)

Product version:
1.0.85.0

Copyright:
Copyright © 2010

Original file name:
NonElevatedInvoker.exe

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\msi1270.tmp

Digital Signature
Signed by:
NetWrix Corporation

Authority:
GlobalSign nv-sa

Valid from:
5/30/2011 10:33:59 AM

Valid to:
5/30/2014 10:33:59 AM

Subject:
E=trust@netwrix.com, CN=NetWrix Corporation, O=NetWrix Corporation, L=Paramus, S=New Jersey, C=US

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
01000000000130417EB690

File PE Metadata
Compilation timestamp:
1/28/2013 12:09:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:8AyZA4sr4dBn8P8iqZk7a3XzYcCeXLqp010HTrKjqRSLLc8V:8VZARrOSP8i8d3FXa0KHFc4s

Entry address:
0x9F8A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 90, 00, 00, 0C, 00, 00, 00, 8C, 3F...
 
[+]

Entropy:
6.5662

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
32 KB (32,768 bytes)

Scan NonElevatedInvoker.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.