» nxclientetisalat.exe
Overview
Analysis
File Details
Behaviors (1)

nxclientetisalat.exe

NxRay

Swiss Mobility Solutions SA

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘NxClient’.

File name:

Publisher:

Swiss Mobility Solutions (signed by Swiss Mobility Solutions SA)

Product:

NxRay

Description:

NxRay Monitor

Version:

3.3.12.0

MD5:

d430cc3d09cd6ccb2e9fa3711cbbff7f

SHA-1:

b9fca113b76e57123b1a3c37b704dc06abe4ee8d

SHA-256:

b4f0dbe13628b526b7d7a8dea1cd51546d0d3c5dbd09faaa86bc8876a39fa8d1

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 6:37:57 PM UTC (today)

File size:

9.3 MB (9,714,127 bytes)

Product version:

3.3.12.0

Original file name:

nxray

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\swiss mobility solutions\nxclient\nxclientetisalat.exe

Digital Signature

Signed by:

Swiss Mobility Solutions SA

Authority:

GlobalSign nv-sa

Valid from:

4/3/2012 7:15:03 AM

Valid to:

5/4/2014 7:15:03 AM

Subject:

CN=Swiss Mobility Solutions SA, O=Swiss Mobility Solutions SA, C=CH

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112153EF67432E820108A759533018011C80

File PE Metadata

Compilation timestamp:

10/16/2013 3:20:38 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:q/uiJH0ageGhzpmDcjeBrB+oVnAFAFsb3PoTCdALSsCgu0aieGxh3Ncc7AxYc1Tn:qjgycGVgzemALTCg7eGhcFYfFdp0

Entry address:

0x360C01

Entry point:

E9, 45, 6B, E8, FF, E9, 89, FE, FF, FF, 6A, 08, 68, 98, F8, B6, 00, E8, A9, 53, 00, 00, E8, EA, 4A, 00, 00, 8B, 40, 78, 85, C0, 74, 16, 83, 65, FC, 00, FF, D0, EB, 07, 33, C0, 40, C3, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, 38, 45, 00, 00, E8, C2, 53, 00, 00, C3, E8, BD, 4A, 00, 00, 8B, 40, 7C, 85, C0, 74, 02, FF, D0, E9, B4, FF, FF, FF, 6A, 08, 68, B8, F8, B6, 00, E8, 5D, 53, 00, 00, FF, 35, 4C, 8D, D2, 00, FF, 15, 14, 72, 9F, 00, 85, C0, 74, 16, 83, 65, FC, 00, FF, D0, EB, 07, 33, C0, 40, C3, 8B, 65... 
[+]

Entropy:

6.1664

Packer / compiler:

Xtreme-Protector v1.05

Code size:

6 MB (6,248,960 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

NxClient

Command:

"C:\Program Files\swiss mobility solutions\nxclient\nxclientetisalat.exe"

Scan nxclientetisalat.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.