» wscnvcsr.exe
Overview
Analysis
File Details
Network (21)

wscnvcsr.exe

Windows Conveniences

Now Media Corp.

The application wscnvcsr.exe by Now Media has been detected as a potentially unwanted program by 3 anti-malware scanners.

File name:

wscnvcsr.exe

Publisher:

Now Media Corp. (signed and verified)

Product:

Windows Conveniences

Version:

6.0.2.4

MD5:

cf47e82618f78f5942c003d3d4e17d41

SHA-1:

67a69167c046911b354e8e6bf21ba5b42ac021d3

SHA-256:

d5a77bb3ba9ce127b8a036631cdbf3fdcef1e667141dd0759ed30525a5c48921

Scanner detections:

3 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 2:53:01 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.Adkor.148

9.0.1.0326

ESET NOD32

Win32/Adware.Kraddare.LC (variant)

9.12595

Reason Heuristics

Win32.Generic.NowMediaCorp.Meta

15.11.22.18

File size:

1.4 MB (1,503,992 bytes)

Product version:

6.0.2.4

Original file name:

wscnvcsr.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\windows conveniences\wscnvcsr.exe

Digital Signature

Signed by:

Now Media Corp.

Authority:

thawte, Inc.

Valid from:

6/9/2015 8:00:00 PM

Valid to:

7/9/2016 7:59:59 PM

Subject:

CN=Now Media Corp., O=Now Media Corp., L=Gangnam-gu, S=Seoul, C=KR

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

7883D9D5206A6138CFE83DE378370E66

File PE Metadata

Compilation timestamp:

11/19/2015 4:31:20 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:I6ikqoLRyARCe1+oZfL9jMhkjaDMwQuNGHIw259bcRKY4:I6vbdTZfL94hkja1Qu+E59BY4

Entry address:

0x9E211

Entry point:

E8, 58, 78, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, B4, 17, 4E, 00, 75, 02, F3, C3, E9, DA, 78, 00, 00, 8B, FF, 55, 8B, EC, 51, 53, 56, 57, FF, 35, 28, 35, 56, 00, E8, DE, 72, 00, 00, FF, 35, 24, 35, 56, 00, 8B, F8, 89, 7D, FC, E8, CE, 72, 00, 00, 8B, F0, 59, 59, 3B, F7, 0F, 82, 83, 00, 00, 00, 8B, DE, 2B, DF, 8D, 43, 04, 83, F8, 04, 72, 77, 57, E8, 02, 59, 00, 00, 8B, F8, 8D, 43, 04, 59, 3B, F8, 73, 48, B8, 00, 08, 00, 00, 3B, F8, 73, 02, 8B, C7, 03, C7, 3B, C7, 72, 0F, 50, FF, 75, FC, E8, 0B, 7A, 00, 00, 59... 
[+]

Entropy:

7.2001

Code size:

778.5 KB (797,184 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ec2-52-79-124-201.ap-northeast-2.compute.amazonaws.com (52.79.124.201:80)

TCP (HTTP):

Connects to ec2-52-199-74-30.ap-northeast-1.compute.amazonaws.com (52.199.74.30:80)

TCP (HTTP):

Connects to ec2-52-78-30-12.ap-northeast-2.compute.amazonaws.com (52.78.30.12:80)

TCP (HTTP):

Connects to ec2-52-69-38-9.ap-northeast-1.compute.amazonaws.com (52.69.38.9:80)

TCP (HTTP):

Connects to server-54-230-182-131.icn50.r.cloudfront.net (54.230.182.131:80)

TCP (HTTP):

Connects to ec2-54-178-129-71.ap-northeast-1.compute.amazonaws.com (54.178.129.71:80)

TCP (HTTP SSL):

Connects to ec2-52-79-165-33.ap-northeast-2.compute.amazonaws.com (52.79.165.33:443)

TCP (HTTP):

Connects to ec2-52-78-165-174.ap-northeast-2.compute.amazonaws.com (52.78.165.174:80)

TCP (HTTP):

Connects to server-54-230-182-40.icn50.r.cloudfront.net (54.230.182.40:80)

TCP (HTTP):

Connects to ec2-52-79-62-21.ap-northeast-2.compute.amazonaws.com (52.79.62.21:80)

TCP (HTTP):

Connects to ec2-52-199-40-34.ap-northeast-1.compute.amazonaws.com (52.199.40.34:80)

TCP (HTTP):

Connects to unknown.telstraglobal.net (210.176.156.45:80)

TCP (HTTP):

Connects to 94.31.29.54.IPYX-077437-ZYO.above.net (94.31.29.54:80)

TCP (HTTP):

Connects to server-54-230-182-211.icn50.r.cloudfront.net (54.230.182.211:80)

TCP (HTTP):

Connects to ec2-52-79-101-168.ap-northeast-2.compute.amazonaws.com (52.79.101.168:80)

TCP (HTTP):

Connects to ec2-13-124-21-149.ap-northeast-2.compute.amazonaws.com (13.124.21.149:80)

TCP (HTTP):

Connects to ec2-13-112-31-152.ap-northeast-1.compute.amazonaws.com (13.112.31.152:80)

TCP (HTTP SSL):

Connects to bam-7.nr-data.net (162.247.242.19:443)

TCP (HTTP SSL):

Connects to a23-74-16-75.deploy.static.akamaitechnologies.com (23.74.16.75:443)

TCP (HTTP SSL):

Connects to a23-33-120-46.deploy.static.akamaitechnologies.com (23.33.120.46:443)

Remove wscnvcsr.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.