SafeWnd.EXE

SafeWnd

NICSTECH CO.,LTD.

It is set to run automatically when any user logs into Windows, through the all-users Run registry key, under the name 'SafeWnd'.

Publisher:
NICSTECH.CO.Ltd.,  (signed by NICSTECH CO.,LTD.)

Product:
SafeWnd

Description:
SafeWnd UI AGENT(A3264)

Version:
3.5.4.16 (2015122401)

MD5:
5bb343f04625f3a2016905134a9ed990

SHA-1:
4cb6d174f7caf040c2af1a32d227657d89a7d5ac

SHA-256:
0c3fe6e6475de2c0cca427ef8d024f3d7265f8b76a795572fa30d4240cc89f7e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 8:38:44 AM UTC

File size:
773.8 KB (792,320 bytes)

Product version:
3.5.4.16

Copyright:
Copyright (C) 2007

Original file name:
SafeWnd.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\nics\safewnd.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/24/2014 9:00:00 AM

Valid to:
5/23/2017 8:59:59 AM

Subject:
CN="NICSTECH CO.,LTD.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="NICSTECH CO.,LTD.", L=Gangseo-gu, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
11F45D67945774D843249DF8342E8FBB

File PE Metadata
Compilation timestamp:
12/24/2015 5:53:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:x/jDDLrapW3nnCtZtkkPEHPQLVve3rJXX1IIIIyxRME4d6shBuSv0aW8SOVFlnfN:xThnCRGoCliMvX7OKRqRlnWNiC

Entry address:
0x2A4B6

Entry point:
E8, E8, 03, 00, 00, E9, 63, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 00, C6, 45, 00, 89, 0D, FC, C5, 45, 00, 89, 15, F8, C5, 45, 00, 89, 1D, F4, C5, 45, 00, 89, 35, F0, C5, 45, 00, 89, 3D, EC, C5, 45, 00, 66, 8C, 15, 18, C6, 45, 00, 66, 8C, 0D, 0C, C6, 45, 00, 66, 8C, 1D, E8, C5, 45, 00, 66, 8C, 05, E4, C5, 45, 00, 66, 8C, 25, E0, C5, 45, 00, 66, 8C, 2D, DC, C5, 45, 00, 9C, 8F, 05, 10, C6, 45, 00, 8B, 45, 00, A3, 04, C6, 45, 00, 8B, 45, 04, A3, 08, C6, 45, 00, 8D, 45, 08, A3, 14, C6, 45...

Entropy:
6.8534

Code size:
214.5 KB (219,648 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SafeWnd

Command:
C:\windows\nics\safewnd.exe

