nxpauxsvc.exe

nxpauxsvc

NetZone Info-Tech Co., Ltd., Shanghai

The application nxpauxsvc.exe by NetZone Info-Tech Co., Ltd., Shanghai has been detected as a potentially unwanted program by 15 anti-malware scanners. It runs as a Windows service named “NxD XP Auxiliary Service”.

Publisher:
NetZoneSoft Corp.  (signed by NetZone Info-Tech Co., Ltd., Shanghai)

Product:
nxpauxsvc

Version:
6.0.0.1970

MD5:
dfe8851d23db7cfe98cfe0e3ea9d4d73

SHA-1:
89ba301c1938940b34179438962583df170601f2

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 11:23:29 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Rogue.7493509 | 7.11.114.206 |
| avast! | Win32:Malware-gen | 2014.9-150905 |
| Bitdefender | Trojan.Generic.7493509 | 1.0.20.1240 |
| Comodo Security | UnclassifiedMalware | 17306 |
| Dr.Web | Trojan.PWS.Banker1.1774 | 9.0.1.0248 |
| Emsisoft Anti-Malware | Trojan.Generic.7493509 | 8.15.09.05.04 |
| F-Secure | Trojan.Generic.7493509 | 11.2015-05-09_7 |
| G Data | Trojan.Generic.7493509 | 15.9.22 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.174.10263 |
| MicroWorld eScan | Trojan.Generic.7493509 | 16.0.0.744 |
| NANO AntiVirus | Trojan.Win32.Banker1.vpihg | 0.28.0.56316 |
| Panda Antivirus | Generic Trojan | 15.09.05.04 |
| Reason Heuristics | PUP.Optional.NetZoneInfoTechCoShanghai.Service | 15.9.5.16 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 23560 |

File size:
292.3 KB (299,280 bytes)

Product version:
6.0.0.1970

Copyright:
Copyright (C) NetZoneSoft Corp. 2008-2009

Original file name:
nxpauxsvc

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\nxpauxsvc.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/26/2011 8:00:00 AM

Valid to:
8/5/2012 7:59:59 AM

Subject:
CN="NetZone Info-Tech Co., Ltd., Shanghai", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="NetZone Info-Tech Co., Ltd., Shanghai", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
00F1D32C1B972DF4D97FEF5EE83B90E5

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:RohOuXvk1PLLjAfXSc7MTWnY9eYJF6uV7d:uNX81Cz78JRVp

Entry address:
0xC4001

Entry point:
60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, 40, 0C, 00, 83, BD, 22, 04, 00, 00, 00, 89, 9D, 22, 04, 00, 00, 0F, 85, 65, 03, 00, 00, 8D, 85, 2E, 04, 00, 00, 50, FF, 95, 4D, 0F, 00, 00, 89, 85, 26, 04, 00, 00, 8B, F8, 8D, 5D, 5E, 53, 50, FF, 95, 49, 0F, 00, 00, 89, 85, 4D, 05, 00, 00, 8D, 5D, 6B, 53, 57, FF, 95, 49, 0F, 00, 00, 89, 85, 51, 05, 00, 00, 8D, 45, 77, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72...
 

Entropy:
7.7454

Packer / compiler:
ASPack v2.12

Code size:
598 KB (612,352 bytes)

Service
Display name:
NxD XP Auxiliary Service

Service name:
AuxNxpSvc

Type:
Win32OwnProcess, InteractiveProcess

