nasmon.exe

Amplusnet SRL

The executable nasmon.exe has been detected as malware by 27 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘NAS Monitor’.
Publisher:
Amplusnet SRL  (signed and verified)

MD5:
8c6b837e0faca5f672a7971c0cbe55de

SHA-1:
792955150e62fdef0af5062ac6c69d768efc4f71

SHA-256:
2972c14bed8b95b652c4910784246f8c3cf182783c96249ce32f4a485922d05f

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
11/5/2024 8:06:09 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.3110647
223

AegisLab AV Signature
Troj.W32.Generic!c
2.1.4+

AhnLab V3 Security
Trojan/Win32.MSIL
2016.03.24

Avira AntiVirus
TR/Dropper.MSIL.648264
8.3.3.4

Arcabit
Trojan.Generic.D2F76F7
1.0.0.662

avast!
Win32:Malware-gen
2014.9-160626

AVG
MSIL9
2017.0.2701

Baidu Antivirus
Win32.Trojan.WisdomEyes.151026.9950
4.0.3.16626

Bitdefender
Trojan.GenericKD.3110647
1.0.20.890

Emsisoft Anti-Malware
Trojan.GenericKD.3110647
8.16.06.26.05

ESET NOD32
MSIL/Injector.ONZ (variant)
10.13227

Fortinet FortiGate
MSIL/Injector.OIP!tr
6/26/2016

F-Secure
Trojan.GenericKD.3110647
11.2016-26-06_1

G Data
Trojan.GenericKD.3110647
16.6.25

IKARUS anti.virus
Trojan.MSIL.Injector
t3scan.2.0.9.0

K7 AntiVirus
Trojan
13.2119093

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.-1

McAfee
Artemis!8C6B837E0FAC
5600.6357

Microsoft Security Essentials
Trojan:Win32/Skeeyah.A!rfn
1.1.12505.0

MicroWorld eScan
Trojan.GenericKD.3110647
17.0.0.534

nProtect
Trojan.GenericKD.3110647
16.03.23.01

Panda Antivirus
Trj/GdSda.A
16.06.26.05

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1120

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.16624

Sophos
Troj/MSIL-GEH
4.98

VIPRE Antivirus
Trojan.Win32.Generic
48098

Zillya! Antivirus
Trojan.Injector.Win32.368710
2.0.0.2742

File size:
633.1 KB (648,264 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\7f8f6c81-facd-4495-9a96-3b3bab9c02d0\nas monitor\nasmon.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/2/2014 4:00:00 AM

Valid to:
4/3/2015 3:59:59 AM

Subject:
CN=Amplusnet SRL, O=Amplusnet SRL, STREET=1 Decembrie 1918 52/1, L=Tirgu-Mures, S=Mures, PostalCode=540743, C=RO

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009B1A6C1E16964A1B1C2EBFB72F117A54

File PE Metadata
Compilation timestamp:
3/19/2016 2:38:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:cXr2eyR+S7pPz43AZjmt0i6EbAi3szHJuoWoEKkV6/fUKdD+79vaHsd7hSQ:cXr2eA7hz43cjmt0i6EN3dCE6dda79vZ

Entry address:
0x9E51E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9934

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
625.5 KB (640,512 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
NAS Monitor

Command:
C:\users\{user}\appdata\roaming\7f8f6c81-facd-4495-9a96-3b3bab9c02d0\nas monitor\nasmon.exe


Remove nasmon.exe - Powered by Reason Core Security