home

npeUpdate.exe

Nitrobit Policy Extensions

analytiq consulting gmbh

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘npeUpdate’.
Publisher:
analytiq consulting gmbh  (signed and verified)

Product:
Nitrobit Policy Extensions

Description:
npeUpdate.exe

Version:
2, 0, 7, 2

MD5:
e8921bc602339dd4945fd7d5ec5ecbec

SHA-1:
cabde0aeb84501dff6f24e0a4324fd9a31642cae

SHA-256:
9e26664e7679e5e3c96d1849f0512107025473be493e9ab0f0325bf63e65282b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 12:22:50 AM UTC  (today)

File size:
317.6 KB (325,272 bytes)

Product version:
2, 0, 7, 2

Copyright:
Copyright (C) 2008 analytiq consulting gmbh

Original file name:
npeUpdate.exe

File type:
Executable application (Win64 EXE)

Language:
German (Germany)

Common path:
C:\Program Files\nitrobit policy extensions\x64\npeupdate.exe

Digital Signature
Signed by:
analytiq consulting gmbh

Authority:
COMODO CA Limited

Valid from:
11/14/2011 9:00:00 PM

Valid to:
11/14/2012 8:59:59 PM

Subject:
CN=analytiq consulting gmbh, O=analytiq consulting gmbh, STREET=Hermann-Steinhaeuser-Strasse, STREET=43-47, L=Offenbach, S=HE, PostalCode=63065, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CFBA98A11DED0A66E04147197561684A

File PE Metadata
Compilation timestamp:
3/21/2012 6:31:39 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:UUIwN3BHRmtwseiifKp6k4G+fYOmdiRjwREjW:fI03BHm5ifK6k2BwEjW

Entry address:
0x2D308

Entry point:
48, 83, EC, 28, E8, 1B, 64, 00, 00, 48, 83, C4, 28, E9, 1A, FE, FF, FF, CC, CC, 4C, 8D, 0D, FD, B6, 01, 00, 33, C0, 49, 8B, D1, 44, 8D, 40, 08, 3B, 0A, 74, 2B, FF, C0, 49, 03, D0, 83, F8, 2D, 72, F2, 8D, 41, ED, 83, F8, 11, 77, 06, B8, 0D, 00, 00, 00, C3, 81, C1, 44, FF, FF, FF, B8, 16, 00, 00, 00, 83, F9, 0E, 41, 0F, 46, C0, C3, 48, 98, 41, 8B, 44, C1, 04, C3, CC, 48, 83, EC, 28, E8, C7, 08, 00, 00, 48, 85, C0, 75, 09, 48, 8D, 05, 0F, B8, 01, 00, EB, 04, 48, 83, C0, 10, 48, 83, C4, 28, C3, 48, 83, EC, 28...
 
[+]

Code size:
238.5 KB (244,224 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
npeUpdate

Command:
"C:\Program Files\nitrobit policy extensions\x64\npeupdate.exe" --setuser


Scan npeUpdate.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.