home

ncs-inst-x64.exe

Netcam Studio - 64-bit

Steve Niquille

This is a setup program which is used to install the application. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. The file has been seen being downloaded from d.netc.am.
Publisher:
Moonware  (signed by Steve Niquille)

Product:
Netcam Studio - 64-bit

Version:
1.2.7.0

MD5:
969493245ef7dd00a730ec053e6e53f7

SHA-1:
4c3194dfdc53382e41996e064e890cd1f2728154

SHA-256:
51b0e87f8ebd821558acafbaade41002e02be6951e16f44ca1f8fc11764c6283

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 2:33:01 AM UTC  (today)

File size:
34.8 MB (36,471,216 bytes)

Product version:
1.2.7.0

Copyright:
Copyright (C) 2015 Moonware

Original file name:
ncs-inst-x64.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\ncs-inst-x64.exe

Digital Signature
Signed by:
Steve Niquille

Authority:
DigiCert Inc

Valid from:
2/8/2014 2:00:00 AM

Valid to:
4/14/2016 3:00:00 PM

Subject:
CN=Steve Niquille, O=Steve Niquille, L=Echichens, S=Vaud, C=CH

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
08DAC0FCBB45689AF1B32941D72264C3

File PE Metadata
Compilation timestamp:
10/21/2015 11:05:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
786432:TzSZv/1bwJjxCiAf5+UzDVjSv0OdMXZ0ij+rj1tqKT+z79:TziYx454c4i8Kz79

Entry address:
0xC7B47

Entry point:
E8, 76, B2, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 56, 8B, F1, 33, DB, 3B, F3, 75, 16, E8, D8, 3E, 00, 00, 6A, 16, 5E, 89, 30, E8, 3E, 62, 00, 00, 8B, C6, E9, B4, 00, 00, 00, 57, 39, 5D, 08, 77, 16, E8, BC, 3E, 00, 00, 6A, 16, 5E, 89, 30, E8, 22, 62, 00, 00, 8B, C6, E9, 97, 00, 00, 00, 33, C9, 39, 5D, 10, 66, 89, 0E, 0F, 95, C1, 41, 39, 4D, 08, 77, 09, E8, 95, 3E, 00, 00, 6A, 22, EB, D7, 8B, 4D, 0C, 83, C1, FE, 83, F9, 22, 77, C5, 8B, CE, 39, 5D, 10, 74, 0E, 6A, 2D, 59, 33, DB, 66, 89, 0E, 43...
 
[+]

Entropy:
7.9866  (probably packed)

Code size:
1 MB (1,069,056 bytes)

Scheduled Task
Task name:
C__Users_mohammed_Downloads_ncs-inst-x64.exe

Trigger:
Logon (Runs on logon)


The file ncs-inst-x64.exe has been seen being distributed by the following URL.

http://d.netc.am/ncs-inst-x64.exe

Scan ncs-inst-x64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.