navserv.exe

This is a setup program used to install the application. The file has been observed being downloaded from mega.nz and multiple other hosts.
MD5:
63c1f305481dd01e6e5720e9409c5358

SHA-1:
5fd06e746733fc49cb1397c02a3cd1b7908ca27b

SHA-256:
14af2a6afb27cee818d05bf970549e892d700cd7d7595a07c82e159283a5aaac

Scanner detections:
6 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/26/2024 3:35:31 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Clam AntiVirus | Win.Trojan.7938892 | 0.98/21155 |
| Norman | Suspicious_Gen2.LVNJH | 11.20140615 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1261C3C0!308396992 | 23.00.65.14613 |
| Trend Micro House Call | TROJ_SPNR.03IB12 | 7.2.166 |
| Trend Micro | TROJ_SPNR.03IB12 | 10.465.15 |
| VIPRE Antivirus | Trojan.Win32.Generic | 30174 |

File size:
12 KB (12,288 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
4/7/2009 7:15:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
5.12

CTPH (ssdeep):
192:AGd2/mzVbiGL2AnPAa3lUWJFuqGuwWOglUBqVr8N:AGd2i/PAa3DuqGujOyVr8

Entry address:
0x1012

Entry point:
68, B8, 50, 42, 00, E8, A0, 1D, 00, 00, 68, 00, 02, 00, 00, 68, 40, 46, 40, 00, 6A, 00, E8, 77, 1D, 00, 00, 8D, 0D, 40, 46, 40, 00, 03, C1, EB, 01, 48, 80, 38, 5C, 74, 04, 3B, C1, 77, F6, C6, 40, 01, 00, 68, 81, 40, 40, 00, E8, 50, 09, 00, 00, 68, 40, 44, 40, 00, 68, 20, 40, 40, 00, E8, 94, 1D, 00, 00, 60, 68, B8, 50, 42, 00, E8, 29, 1D, 00, 00, 6A, F5, E8, 40, 1D, 00, 00, 6A, 07, 50, E8, 56, 1D, 00, 00, BB, 8C, 40, 40, 00, 53, E8, 75, 1D, 00, 00, 50, 6A, F5, E8, 25, 1D, 00, 00, 59, 6A, 00, 68, 40, 48, 40...
 

Code size:
8 KB (8,192 bytes)

The file navserv.exe has been seen being distributed by the following 2 URLs.

https://mega.nz/persistent/.../XQRR0SIb

Scan navserv.exe - Powered by Reason Core Security