home

ntasvr.exe

Nate Address Search

SK Communications Co., Ltd.

It runs as a separate (within the context of its own process) windows Service named “Nate Address Search Service”.
Publisher:
SK Communications  (signed by SK Communications Co., Ltd.)

Product:
Nate Address Search

Description:
ntasvr.exe

Version:
1, 0, 0, 7

MD5:
09d6c5368440b9ede2bccd2d0c6fbc86

SHA-1:
9c06bc2c67735d22d2455b797fe5e1931eb938b3

SHA-256:
7fad67782393e7a637aa4bd863479f63ec8f2c76bea509fa275b4362100af80b

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/23/2024 6:00:12 PM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.OnlineGameGBIS.Trojan
1.3.0.6379

Malwarebytes
Trojan.Agent
v2015.06.14.02

File size:
137.4 KB (140,664 bytes)

Product version:
1, 0, 0, 7

Copyright:
(c) SK Communications. All rights reserved.

Original file name:
ntasvr.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\nate\addresssearch\ntasvr.exe

Digital Signature
Signed by:
SK Communications Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
3/5/2009 9:00:00 AM

Valid to:
3/16/2010 8:59:59 AM

Subject:
CN="SK Communications Co., Ltd.", OU=Information Security Team, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="SK Communications Co., Ltd.", L=Seodaemun-gu, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5243DC04D67C100E1788882605A728A1

File PE Metadata
Compilation timestamp:
6/29/2009 1:43:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:adOeBQSjqow+bgki04SFY82nlzWxJ9Emtqb/JoK:qT1K+buSFYTlC9ENb/J5

Entry address:
0xF319

Entry point:
E8, 64, 3F, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 88, F0, 41, 00, 89, 0D, 84, F0, 41, 00, 89, 15, 80, F0, 41, 00, 89, 1D, 7C, F0, 41, 00, 89, 35, 78, F0, 41, 00, 89, 3D, 74, F0, 41, 00, 66, 8C, 15, A0, F0, 41, 00, 66, 8C, 0D, 94, F0, 41, 00, 66, 8C, 1D, 70, F0, 41, 00, 66, 8C, 05, 6C, F0, 41, 00, 66, 8C, 25, 68, F0, 41, 00, 66, 8C, 2D, 64, F0, 41, 00, 9C, 8F, 05, 98, F0, 41, 00, 8B, 45, 00, A3, 8C, F0, 41, 00, 8B, 45, 04, A3, 90, F0, 41, 00, 8D, 45, 08, A3, 9C, F0, 41, 00, 8B...
 
[+]

Entropy:
6.3817

Code size:
88 KB (90,112 bytes)

Service
Display name:
Nate Address Search Service

Service name:
NTAService

Type:
Win32OwnProcess


Scan ntasvr.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.