home

NrDeskHlp.exe

drsoft NrDeskHlp

Doctorsoft Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘NetClient RC Helper’.
Publisher:
drsoft  (signed by Doctorsoft Co., Ltd.)

Product:
drsoft NrDeskHlp

Description:
NrDeskHlp

Version:
4, 0, 1, 1

MD5:
bd9ccbe7303e12b3087e6106ae069a51

SHA-1:
4518c770d848b79d8e34132bacab06e66a8bb478

SHA-256:
62bc7e8bb185ec0d2065ccf81e671fd8d3c8c9b063da2c6489da8096fc4dd69c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/1/2024 9:05:11 PM UTC  (today)

File size:
69.8 KB (71,440 bytes)

Product version:
1, 0, 0, 4

Copyright:
Copyright ⓒ 2004

Original file name:
NrDeskHlp.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\netclient40\rc\nrdeskhlp.exe

Digital Signature
Signed by:
Doctorsoft Co., Ltd.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
11/20/2006 8:55:09 PM

Valid to:
12/16/2008 5:15:32 PM

Subject:
CN="Doctorsoft Co., Ltd.", OU=Marketing Team, O="Doctorsoft Co., Ltd.", L=Gurogu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
1CC8D429EE8390A27830BC57C2182C3B

File PE Metadata
Compilation timestamp:
5/31/2007 10:40:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:044UqCImLdF4Az5MDT8IRtAQA6i0ZWQcHPfMhoaHKlvvM9VTM5PQqrml2donoL88:0eZHz+y0ZWQgMhoOKcxl2donoI8

Entry address:
0x2FBD

Entry point:
55, 8B, EC, 6A, FF, 68, 90, A1, 40, 00, 68, E0, 67, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 80, A0, 40, 00, 33, D2, 8A, D4, 89, 15, 4C, E0, 40, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 48, E0, 40, 00, C1, E1, 08, 03, CA, 89, 0D, 44, E0, 40, 00, C1, E8, 10, A3, 40, E0, 40, 00, 33, F6, 56, E8, 71, 1D, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, FC, 35, 00, 00, FF, 15, 7C, A0, 40, 00, A3, 5C, F7, 40, 00, E8...
 
[+]

Entropy:
5.1122

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
36 KB (36,864 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
NetClient RC Helper

Command:
C:\Windows\System32\netclient40\rc\nrdeskhlp.exe


Scan NrDeskHlp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.