nosemay.exe

Nosemay

Shanghai Yuntong Technology Co., Ltd.

The application nosemay.exe by Shanghai Yuntong Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service, within the context of its own process, named “Protect Service(NosemayP)”.
Publisher:
Shanghai Yuntong Technology Co., Ltd.  (signed and verified)

Product:
Nosemay

Version:
1.0.0.1

MD5:
9aeb24fe8d5a77b99b4e1acee65359bc

SHA-1:
c50fc69104de8c33a29904bd8215330dc1a1743e

SHA-256:
5a91ca3edf0ad5b458ac3b8cd07adff02572849d0ff432f07311e2aa234d1278

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/20/2024 2:49:44 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Elex (M)

Engine version:
16.6.26.12

File size:
390.9 KB (400,264 bytes)

Product version:
50.27.2661.78

Copyright:
Copyright (C) 2016 Nosemay Authors

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\nosemay\nosemay.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
5/6/2016 5:30:00 AM

Valid to:
2/25/2017 5:29:59 AM

Subject:
CN="Shanghai Yuntong Technology Co., Ltd.", O="Shanghai Yuntong Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1A3EAC6C38C71B1E4CE1FA41CFA093E5

File PE Metadata
Compilation timestamp:
5/30/2016 2:06:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:/WJHhUBHJtCXid6Ai6iqjQrMEYK/oM0DIXPUcY86NaEbUT:yHhUBHJMX+s6i4Qrh9/oMU8fYLZIT

Entry address:
0x28EAE

Entry point:
81, 8C, 61, 00, 00, 9C, E9, 97, 99, 98, C6, 50, 31, FA, 22, 00, B2, 38, 9D, 0D, EF, 6A, 00, 00, 00, 00, 3F, 38, 66, 2B, 32, E2, 83, 3A, 68, 87, AA, 39, 02, 98, 0C, 00, 00, 00, 00, EA, 7D, 51, 65, 42, 02, 43, 35, 26, 3F, 3E, EF, 4F, B2, 9D, C8, D5, A7, 22, 00, 46, AC, 39, 99, 12, C5, B2, 2C, 95, 99, 98, C6, 8A, E4, 2C, 92, 03, 9A, 00, 00, 00, 00, 95, FA, 25, 0D, 96, 53, 00, 00, 00, 00, E4, 22, 43, 35, 5E, 0D, 4D, 6A, 34, 6F, 22, E0, 41, ED, 8F, 98, C9, A8, 2C, 00, 54, FC, 25, E0, 0C, 96, 98, 4C, 89, AE, 2C...

Entropy:
6.8853

Code size:
285.5 KB (292,352 bytes)

Service
Display name:
Protect Service(NosemayP)

Service name:
NosemayP

Description:
To ensure your Nosemay software integrity. If this service is disabled or stopped, your Nosemay software will not be kept integrity check. This service uninstalls itself when there is no Nosemay softw

Type:
Win32OwnProcess

Depends on:
RpcSs
