n1s.exe

NCH Software

Publisher:
NCH Software

Description:
VideoPad Video Editor

Version:
2.11+

MD5:
47dbb146efbe1d0f28c031baf1e851f7

SHA-1:
5ecf5a8ab7c4d7e0d50fabbcdffaf862b68dcf52

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/15/2024 2:38:39 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Baidu Antivirus | PUA.Win32.Conduit | 4.0.3.15724 |
| ESET NOD32 | Win32/Toolbar.Conduit (variant) | 9.10937 |
| Trend Micro House Call | Suspicious_GEN.F47V1119 | 7.2.205 |

File size:
4.1 MB (4,344,465 bytes)

Copyright:
NCH Software

File type:
Executable application (Win32 EXE)

Language:
English (Australia)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\n1s.exe

File PE Metadata
Compilation timestamp:
7/13/2010 1:46:15 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:sDbcIJhAAAAAAAAAKAAAAAAAAAA3AAAAAAAAAAwAAAAAAAAAAbl/cTK5ChHPeDnJ:sDbcIJhAAAAAAAAAKAAAAAAAAAA3AAAv

Entry address:
0x1AD39F

Entry point:
E8, C1, 91, 00, 00, E9, 16, FE, FF, FF, 53, 8B, 5C, 24, 08, 56, 57, 8B, F9, C7, 07, 60, 1B, 40, 00, 8B, 03, 85, C0, 74, 26, 50, E8, 8C, 48, 00, 00, 8B, F0, 46, 56, E8, 6D, 01, 00, 00, 85, C0, 59, 59, 89, 47, 04, 74, 12, FF, 33, 56, 50, E8, 8A, 80, 00, 00, 83, C4, 0C, EB, 04, 83, 67, 04, 00, C7, 47, 08, 01, 00, 00, 00, 8B, C7, 5F, 5E, 5B, C2, 04, 00, 8B, C1, 8B, 4C, 24, 04, C7, 00, 60, 1B, 40, 00, 8B, 09, 83, 60, 08, 00, 89, 48, 04, C2, 08, 00, 53, 8B, 5C, 24, 08, 56, 8B, F1, C7, 06, 60, 1B, 40, 00, 8B, 43...
 

Entropy:
7.3606

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to pair.audiochannel.net  (66.39.83.117:80)
