» nv_support_participant_kagu4j8zyjenakjwvidiprrwn6_lde.exe
Overview
Analysis
File Details

nv_support_participant_kagu4j8zyjenakjwvidiprrwn6_lde.exe

Netviewer application

Ringler Informatik AG

File name:

Publisher:

Netviewer AG (signed by Ringler Informatik AG)

Product:

Netviewer application

Version:

6.1.3.1658

MD5:

b12d2f6ae6ea17f1d78ea5aa2d3e837d

SHA-1:

a9060a614a63d2240b508d0c17cb98880f854e14

SHA-256:

173d4a21067b17250efff810a77d750ed94e541ea2b20399e4052f69827e004d

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/25/2024 6:54:13 AM UTC (today)

Scan engine

Detection

Engine version

Clam AntiVirus

PUA.Packed.PECompact-1

0.98/17411

File size:

1.5 MB (1,610,192 bytes)

Product version:

6.1.3.1658

Original file name:

Netviewer.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\drtax\apps\pgms\nv_support_participant_kagu4j8zyjenakjwvidiprrwn6_lde.exe

Digital Signature

Signed by:

Ringler Informatik AG

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

9/23/2009 2:00:00 AM

Valid to:

11/18/2011 12:59:59 AM

Subject:

CN=Ringler Informatik AG, OU=IT Department, O=Ringler Informatik AG, L=Baar, S=Zug, C=CH

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

4E8650402256C4C1733234BA070C782B

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:YMD2r3UtFSfw1N0mH0Y/IeWOIs/irm10tk83grN436HiK9VENAWL:1iDU3SfwY/uIeWnm1fOgx4uZ

Entry address:

0x1000

Entry point:

B8, 74, 18, AC, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 8E, 13, FC, C6, 1E, 62, 9A, A2, 13, 5F, AC, 93, F6, DA, 0E, 4A, 3E, 62, 1D, 64, 84, 49, D6, 3D, 84, 1C, FD, 55, DD, 42, C4, E3, B2, 91, 8B, 9E, 78, 5F, B1, 83, 5D, 46, 47, 07, 34, 2B, E1, 1C, 20, 91, 34, D9, A1, 4A, 0E, DF, DB, C8, 88, 78, 69, 84, 5C, A2, B3, 9D, CD, 37, A7, 64, 76, 51, 46, 37, 34, AA, 15, CC, 52, F8, 8E, C3, 2E, 48, AC, 23, 07, 51, 2E, 10, B8, 50, A3... 
[+]

Entropy:

7.9898

Packer / compiler:

PECompact v2

Code size:

3.8 MB (3,959,808 bytes)

Scan nv_support_participant_kagu4j8zyjenakjwvidiprrwn6_lde.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.