nvtray.exe

The executable nvtray.exe has been detected as malware by 18 anti-virus scanners. While running, it connects to the Internet address www.turktelekom.com.tr on port 443.
Version:
1.0.0.0

MD5:
13a6572cc41b5b578eab0d7261d077b1

SHA-1:
14bccfb76503bd6dc90c2e69981161ffa571e669

SHA-256:
4f23e073265564d5f16f1a79692a1b67ddeed4cf04563a89ad13b0a86ec8258a

Scanner detections:
18 / 68

Status:
Malware

Analysis date:
4/27/2024 12:16:25 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Zusy.115814 | 774
Avira AntiVirus | TR/ATRAPS.Gen | 7.11.196.132
avast! | Win32:Malware-gen | 2014.9-141223
AVG | MSIL6 | 2015.0.3252
Baidu Antivirus | Trojan.MSIL.Clicker | 4.0.3.141223
Bitdefender | Gen:Variant.Zusy.115814 | 1.0.20.1785
Comodo Security | UnclassifiedMalware | 20404
Emsisoft Anti-Malware | Gen:Variant.Zusy.115814 | 8.14.12.23.09
ESET NOD32 | MSIL/TrojanClicker.Agent.NIR (variant) | 8.10895
F-Secure | Gen:Variant.Zusy.115814 | 11.2014-23-12_3
G Data | Gen:Variant.Zusy.115814 | 14.12.24
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.2753
McAfee | Artemis!13A6572CC41B | 5600.6908
Microsoft Security Essentials | TrojanDownloader:MSIL/Balamid.A | 1.11302
MicroWorld eScan | Gen:Variant.Zusy.115814 | 15.0.0.1071
Panda Antivirus | Trj/CI.A | 14.12.23.09
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_GEN.R0C1H07LE14 | 7.2.357

File size:
125.5 KB (128,512 bytes)

Product version:
1.0.0.0

Original file name:
LSM.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\ProgramData\nvtray.exe

File PE Metadata
Compilation timestamp:
12/14/2014 6:42:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:ntUWdDr4PeoPKwiCsWF0uwBiAuLzN40jQvhHNcm:6Wce+ZnfuGi/vhHNc

Entry address:
0x2083E

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
122.5 KB (125,440 bytes)

The executing file has been seen to make the following network communications in live environments.

Protocol | Host | Address
TCP (HTTP SSL) | www.turktelekom.com.tr | 195.175.116.158:443
TCP (HTTP) | vitrinbot.vitringez.com | 144.76.95.229:80
TCP (HTTP) | vip0x015.map2.ssl.hwcdn.net | 209.197.3.21:80
TCP (HTTP) | static.194.197.76.144.clients.your-server.de | 144.76.197.194:80
TCP (HTTP SSL) | sof01s11-in-f3.1e100.net | 216.58.208.99:443
TCP (HTTP) | server-54-239-158-136.cdg51.r.cloudfront.net | 54.239.158.136:80
TCP (HTTP) | server-54-239-130-40.hkg50.r.cloudfront.net | 54.239.130.40:80
TCP (HTTP) | server-54-230-69-185.sea50.r.cloudfront.net | 54.230.69.185:80
TCP (HTTP) | server-54-230-21-75.ewr2.r.cloudfront.net | 54.230.21.75:80
TCP (HTTP) | server-54-230-132-209.syd1.r.cloudfront.net | 54.230.132.209:80
TCP (HTTP SSL) | server-54-192-231-151.waw50.r.cloudfront.net | 54.192.231.151:443
TCP (HTTP SSL) | server-54-192-231-137.waw50.r.cloudfront.net | 54.192.231.137:443
TCP (HTTP) | node30.dc6.host.net.tr | 91.227.6.30:80
TCP (HTTP) | muc03s14-in-f0.1e100.net | 216.58.211.32:80
TCP (HTTP) | linux.argedebilisim.com | 46.31.147.216:80
TCP (HTTP SSL) | lhr08s05-in-f3.1e100.net | 216.58.209.227:443
TCP (HTTP) | ip42.ip-46-105-238.eu | 46.105.238.42:80
TCP (HTTP) | ip136.ip-91-121-235.eu | 91.121.235.136:80
TCP (HTTP) | hosted-by.netdirekt.com.tr | 195.244.35.3:80
TCP (HTTP) | gw.teknomavi.com | 77.92.144.244:80

Report powered by Reason Core Security