home

ifLGMS.exe

Messenger

NH Investment & Securities Co.,Ltd.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘ifLG Messenger Staff’.
Publisher:
NH투자증권  (signed by NH Investment & Securities Co.,Ltd.)

Product:
Messenger

Version:
2008, 04, 24, 1939

MD5:
8b8efc8edc475a3477c385216a959240

SHA-1:
bba63c1b485e3366b8a55d5ccc51a3b387c398f8

SHA-256:
3b799496593b9a59dd010fd3787aa40c6906b590991e15bf523806628bfe3969

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
2/27/2025 4:59:14 AM UTC  (today)

File size:
1.9 MB (2,041,608 bytes)

Product version:
2008, 04, 24, 1939

Copyright:
Copyright ⓒ 2008

Original file name:
ifLGMS.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
NH Investment & Securities Co.,Ltd.

Authority:
Thawte, Inc.

Valid from:
5/6/2015 9:00:00 AM

Valid to:
5/6/2016 8:59:59 AM

Subject:
CN="NH Investment & Securities Co.,Ltd.", O="NH Investment & Securities Co.,Ltd.", L=Seoul, S=Yeongdeungpo-gu, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
562882FF6F0A5B0576D81D60D91013F1

File PE Metadata
Compilation timestamp:
3/29/2016 4:26:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:aPUbXv+0kUBLoO67wHVzffst/MCO8dg61Hh3nQV1Z:acjzkOLKwt8Dc6G

Entry address:
0xE2F6E

Entry point:
55, 8B, EC, 6A, FF, 68, 20, 2C, 4F, 00, 68, 80, 2D, 4E, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 2C, 4E, 4E, 00, 59, 83, 0D, E8, 08, 51, 00, FF, 83, 0D, EC, 08, 51, 00, FF, FF, 15, 28, 4E, 4E, 00, 8B, 0D, B8, 08, 51, 00, 89, 08, FF, 15, 24, 4E, 4E, 00, 8B, 0D, B4, 08, 51, 00, 89, 08, A1, 20, 4E, 4E, 00, 8B, 00, A3, E4, 08, 51, 00, E8, 34, 01, 00, 00, 39, 1D, 10, F5, 50, 00, 75, 0C, 68, 0E, 31, 4E, 00, FF, 15, 1C, 4E...
 
[+]

Entropy:
6.7218

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
908 KB (929,792 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ifLG Messenger Staff

Command:
C:\iflgmessenger\iflgms.exe


Scan ifLGMS.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.