home

netviewer 2.0-owl-enu-v1_1_1172_0.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from public.boxcloud.com and multiple other hosts.
MD5:
0bee09bdc5cf90617083f476894fb572

SHA-1:
fd6956d1fc695f9eacf581c8c44d8a68564ee276

SHA-256:
7e39822376b0b7bed81a705c7c6910322d08e34c4c17af476d38e9d62f34eb6e

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
12/27/2024 4:15:37 AM UTC  (today)

Scan engine
Detection
Engine version

Qihoo 360 Security
Trojan.Generic
1.0.0.1015

SUPERAntiSpyware
Heur.Agent/Gen-Whitebox
10592

File size:
2.4 MB (2,468,757 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\netviewer 2.0-owl-enu-v1_1_1172_0.exe

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:5g7aFsGM/m0Brg+hMmlwcQ6kedC/ILXcM0CbFoyGraAhrZhRfS0pl:dDM+orgnmlyqXv0CWyGGA9rl

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9815

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file netviewer 2.0-owl-enu-v1_1_1172_0.exe has been seen being distributed by the following 4 URLs.

https://public.boxcloud.com/d/.../-tOV6SsPBWEFdd_u_z7TYX_xkR6KuSLCBf8HV7JQhq3awwhSHUwyX251IocAFAYFfbhG6tVdBrPe68MONFriat81vFg2-6zfr2z71MpxBSK8NtswBLdzVLT49yV8uNlGQ5KHE5QJ0FfSZzflhHgGwSpHOVeKT5sUJyObLwcU6Wdtgp2W6q7t5EkeZf8KgxBqExxqitQFkgzWTZ5SksaFKD1ly0Fy_vk7lRYtahl6o09BKrg3cvWD2pmjLCp_y2Mp1sCcPtfUvpaFOUdsizxxB3AJTj65tP_iX44xnrtp8CuzzkOh0t8F841mGminJZsgql9b3zA6HYjJ3WOJsUE1GQTtrmTwGE3fLklUmitFOIo8WAO2x6iu6TiPqIghydqsq7ssionWTE9ZccoD28aS0E-SKXLaagNV3wUQ0mpa21C-cZ2wtzC-D-R5EKQtVbI984ZqBsHvgtPhjLecLa5aQnu9ov17l_b_DGnXlbhDbXcz8NDeyduI_YYiAdA5uMhoFXtBjm2NgDpt-nIQWQLjuYhgeWL5SYgC-yN2t4jMY1mdzWVEDEWVaxxpwqMey6NY2MoBQpfL8_KXQ2OGpQMKYGq1IvhnvK-U6JOvsj9Q4OjXfMzCDYUt4iV5sTcXjhndcFDdoiYsTuSII_wkjnaW5LdaLhOc9DffaLqEQLH_ZpDiUjK8VQyF2b4-1lyccqRhE5JEyhop9NaA3PvZC-Dignf4s91R9rnW9X350Da4zhkRM4PncozndeZKOQqPgvVikAv5nDPk7pMbiRnIuUQ9r9cBD6sp2S1tG_IBNv-Zk7gYKviaCGnS7l3No9UBMx654CIKpzA6rQSiJh0HbJetUVYOjVmtQtz7YtaxTXY3GKgoWlF29oJXRpgCe4q2P24hU5GLi29fmcaFHCvUoHxso4IUIAOEFiLClfZcA9-annRtSmt39y2M0QNPW_PtTXI2wsRA1Bvf

https://public.boxcloud.com/d/.../B3YQpnQyne9KG7pddph-U4L1NIDZTQ3EywMo6DfJFd21bsd4N0aPvW1LziI7LZiSwfdnAV2WcrdiCu2vTm2Arazpv45LFyrqMJnqVQuBg1HsHSkZAjY8x8CcyQ7PhfkIdvBAMeRWoG4he6Yf_yw4knfcYcW901V-PUHLvOEooyOEm6TXEnWZFNJ9-aYBh3vj398x3jGrv45axO2-YevJPlSBLxQe3Y_C6yQmmD3NoIFgK2jwVrsgCw6qGHFhePUM1eFJ-jk6B-b_9UChDLg5PNRBZBu8uAIWssbiTG18Vo9KyaDZMjK2WJo1iL6taD9wCDwjDY50IUhSKNmIwRZXBqAn3Cx5SrAjp-t5vleRFpXq3qps6kLISZBxynAOCxq4_aow1CYKP2x5xVcjipoFrwnBJ97N5zWw0mkzxna_43lJarMnUMrrHT6z6LigJhNFah5CVZRKi1BtsTeZPL2iLCesMchgQCzdFFw10wYG8WcvCMMMT8r1kEp1gb64YTiOG8CHgyngpGUGPEK9uLMsGi7ebrcFLlgC9b3UfWZvQHJ56QqHlpwbXIIqYwS_Atec1SfrCMTfcmMgMFI7j_wB3k38-EMB6jBtcwlIv-01FrnMlt5otaltkEFWLWessTkB7Kc5lkVYrK_jWbwFxU4T0EvhJ3m01Bqfb20pE1LamK5fasodXNfepDj-CFC3x1MlbEdNQk4XHJLgdouO6MaQFauWb7Cs960i6BlLbCq0kGoeIZT_jvJxrR9ARoaJzNgr1HW9bpxtMesAz8DoJyl_tBFuigPHBMz2AdGQ8WCeBsQutONUfSq_zUArdhmMaBpmvrwFIppBnmZTDypZtp_KmgUiL6tiYGKFoJMg7Xhf7jaoD9y6-1MdNnwXwf9suB7i4_etA-WXR_JDpn7McbIRN_xAnsviJ_Vih0WtT6Rsf2DxewM7xIvdu6NqoFgdjAjxDs5PH0ti

https://dl.boxcloud.com/d/.../vQGDMltb5kimVScrjdDWLCPo6ffrkFUVkVs0Q3NDUmdQvcDn9ltsJcI7eFYVL1L5FZoqf3whvtFjw8XzdUftmmu34IjpAZuiCwGXnF8OmxUeN9-2-od47ReFPhqodoSyfJrpJr26Vkq-RMg2eVg6ZPWARotmhDwterMkxom1LI7r3lRsriwej7pqTEJUHMBWWX_iaEJHiaHISgBzr2tzZUpitBKeyzB-SobrX2HQqxlytoi2TQXs4-EHcYkwyrTTkzEOm0Zv-3ka8T74ugBxyzREGmrMbKYJxBAXIUz2EJC1shQelz167uuqnRkoV0OWIMAonvRRxR4my4dYpsImS5QVD0EIpc3C6eUBvT9SkvrgJRI5t7QoLdpSjjiO5sHbSJwmnYOG9IwssKs0k_4-Btz4WqmO9DcGNu9JVMoR9kLYXHrL0H4LdiSBxjx-U_Z7TweDYBPBNfPbPbnueMCusu8fyFHTRK9bME5JiZ8tLR_WF7yHlzfQ0w_wDcHN6xAJrjYqffxe9Dhta45QfkVFpdlLCl1QWNv6WydUnq4ZEj8JsGAIwzApoLOiYETHa8a4WAgpHVpsoCmkMeuFT0IWooTqv9xy802MxzhZYmnoaCbC_CXmCZy_7oiQmHFXROOSGgvG97e3zBczyEJTnUDCDqfSq6C-sARa26RbU456JMEVictIo-If3SF6lii8HI6UCOuPs2h7kN1BNst51WiepATc5FipaczsxhYa0rSEagodHm8yFgfqBr50aELjwoxif32eSffQgMeQJn81oXdgScwHWFyG-2daFgtN9XnAij0_JqGOgjNsA5T7nTiCvScb6V1FwrMXW26bJatuLohyMIaUzUs87Y5UneUkqcDXk3SfvcZRUvY6JZDlX68VV6oaFQtjBeE7tQM9G-331E2SS3kIpnDD9lNU0XbkJH011AyeujKZ-yU4Es0oSZmInViIAtJSG8tCIGUK

https://ferrismarketing.app.box.com/index.php?rm=box_download_shared_file&shared_name=n4yep73p24zubly0iw2cpio6gp3zvvae&file_id=f_22206947801

Scan netviewer 2.0-owl-enu-v1_1_1172_0.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.