home

NOL3Starter.exe

NOL3Starter

Bank Zachodni WBK S.A.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘NOL3Starter’.
Publisher:
ComArch SA  (signed by Bank Zachodni WBK S.A.)

Product:
NOL3Starter

Description:
Aplikacja uruchamiająca NOL3

Version:
1.0.0.1

MD5:
dd27faa27699290eff01283b53a68b83

SHA-1:
024dab6e354a7c0e79c6e5c689788ce0d2cecbb5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 4:57:58 AM UTC  (today)

File size:
4.3 MB (4,515,592 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2015

Original file name:
NOL3Starter.exe

File type:
Executable application (Win32 EXE)

Language:
Polish

Common path:
C:\Program Files\common files\nol3starter\nol3starter.exe

Digital Signature
Signed by:
Bank Zachodni WBK S.A.

Authority:
Entrust, Inc.

Valid from:
6/11/2015 10:14:18 AM

Valid to:
6/1/2016 4:58:38 PM

Subject:
CN=Bank Zachodni WBK S.A., O=Bank Zachodni WBK S.A., L=Wroclaw, C=PL

Issuer:
CN=Entrust Code Signing Certification Authority - L1D, OU="(c) 2009 Entrust, Inc.", OU=www.entrust.net/rpa is incorporated by reference, O="Entrust, Inc.", C=US

Serial number:
4C17ABDC

File PE Metadata
Compilation timestamp:
10/13/2015 1:05:35 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:VERWHQW0KaqKbjSfYMUt0RU+Kl5A1VnhduiypZr7NrUTydaPOHIx+dufixP2Z:VERWHBmjSfmt0RIqfNU7Nrn3q

Entry address:
0x185936

Entry point:
E8, 0B, D7, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, D0, 6C, 71, 00, E8, B4, A2, 00, 00, E8, 22, 81, 00, 00, 0F, B7, F0, 6A, 02, E8, 9E, D6, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D7, A9, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
2.5 MB (2,589,184 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
NOL3Starter

Command:
C:\Program Files\common files\nol3starter\nol3starter.exe


Scan NOL3Starter.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.