ntasvr.exe

Nate Address Search

SK Communications Co., Ltd.

The executable ntasvr.exe has been detected as malware by 9 anti-virus scanners. It is set to run automatically when any user logs into Windows, through the all-users Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the value name 'ntasvr'.
Publisher:
SK Communications  (signed by SK Communications Co., Ltd.)

Product:
Nate Address Search

Description:
ntasvr.exe

Version:
1, 0, 0, 2

MD5:
93f70691a8f1df8faefdc554d84d32e5

SHA-1:
683e0e398eb7fc92afbfe5c21fee0e6af7644eda

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
4/27/2024 1:26:19 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Win32/DH | 2017.0.2514 |
| Baidu Antivirus | Trojan.Win32.Downloader | 4.0.3.161229 |
| Comodo Security | TrojWare.Win32.TrojanDownloader.TopFox.~A | 21299 |
| Malwarebytes | Trojan.Agent | v2016.12.29.01 |
| McAfee | Artemis!93F70691A8F1 | 5600.6170 |
| Norman | Malware | 11.20161229 |
| Rising Antivirus | PE:Trojan.Win32.Generic.12AA5421!313152545 | 23.00.65.161227 |
| VIPRE Antivirus | Trojan.Win32.Malware.a | 38138 |
| Zillya! Antivirus | Downloader.Win32.5C40A3E6 | 2.0.0.2088 |

File size:
137.4 KB (140,664 bytes)

Product version:
1, 0, 0, 1

Copyright:
(c) SK Communications. All rights reserved.

Original file name:
ntasvr.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\nate\addresssearch\ntasvr.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/7/2008 9:00:00 AM

Valid to:
3/16/2009 8:59:59 AM

Subject:
CN="SK Communications Co., Ltd.", OU=Information Security Team, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="SK Communications Co., Ltd.", L=Seodaemun-gu, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
10A9276B3F48922282CAF84C131E42CE

File PE Metadata
Compilation timestamp:
6/16/2008 7:54:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0xF2C6

Entry point:
E8, 67, 3F, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 88, F0, 41, 00, 89, 0D, 84, F0, 41, 00, 89, 15, 80, F0, 41, 00, 89, 1D, 7C, F0, 41, 00, 89, 35, 78, F0, 41, 00, 89, 3D, 74, F0, 41, 00, 66, 8C, 15, A0, F0, 41, 00, 66, 8C, 0D, 94, F0, 41, 00, 66, 8C, 1D, 70, F0, 41, 00, 66, 8C, 05, 6C, F0, 41, 00, 66, 8C, 25, 68, F0, 41, 00, 66, 8C, 2D, 64, F0, 41, 00, 9C, 8F, 05, 98, F0, 41, 00, 8B, 45, 00, A3, 8C, F0, 41, 00, 8B, 45, 04, A3, 90, F0, 41, 00, 8D, 45, 08, A3, 9C, F0, 41, 00, 8B...
 

Entropy:
6.3773

Code size:
88 KB (90,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ntasvr

Command:
"C:\Program Files\nate\addresssearch\ntasvr.exe"

