home

now_ssl.exe

NOW-SSL

Omnesys Technologies Pvt Ltd

The executable now_ssl.exe has been detected as malware by 12 anti-virus scanners.
Publisher:
Omnesys Technologies Pvt Ltd   (signed by Omnesys Technologies Pvt Ltd)

Product:
NOW-SSL

Version:
1.0.0.2

MD5:
4b1b8940bc1b08c95310a3b82f1f4c69

SHA-1:
0822e496ba367dbbaaa5dba4f0e777eee6456581

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
12/27/2024 8:39:49 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:SaliCode
160216-3

AVG
Win32/Sality
2015.0.4530

Dr.Web
Win32.Sector.30
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality
10.0.0.5735

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Sality.gen2
4.6.5.141

F-Secure
Win32.Sality.3
5.15.21

Kaspersky
Virus.Win32.Sality
15.0.0.562

McAfee
Virus.W32/Sality.gen.z
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.215.312.0

Norman
Win32.Sality.3
29.02.2016 05:46:54

Sophos
Virus 'Mal/Sality-D'
5.23

File size:
363.3 KB (372,045 bytes)

Product version:
1.0.0.2

Original file name:
stub32i.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\compressed\now_ssl.exe

Digital Signature
Signed by:
Omnesys Technologies Pvt Ltd

Authority:
Omnesys Technologies Pvt Ltd

Valid from:
1/10/2015 1:58:31 PM

Valid to:
1/9/2020 1:58:31 PM

Subject:
E=ganpathi@omnesysindia.com, CN=www.omnesysindia.com, OU=IT, O=Omnesys Technologies Pvt Ltd, L=Bangalore, S=Karnataka, C=IN

Issuer:
E=ganpathi@omnesysindia.com, CN=www.omnesysindia.com, OU=IT, O=Omnesys Technologies Pvt Ltd, L=Bangalore, S=Karnataka, C=IN

Serial number:
00E4BE8B38189B084E

File PE Metadata
Compilation timestamp:
8/2/2002 12:31:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:TA1ehl/69NcGoQAP6MmsCXHlcHjEcCDQLwBVYvk+VNJhUleXFY0Rn/ZywlQ:TDl/UcZPkFUjGDby9LjR/AwlQ

Entry address:
0x8AF7

Entry point:
60, 34, F4, F3, 0F, BF, CA, 43, 8D, 0D, 84, 70, D3, 62, 81, FD, AF, 67, 00, 00, 78, 06, C7, C5, 13, 69, 4B, 7A, 68, 7D, 69, 1D, 00, 68, 75, FD, 91, 00, BE, 97, C5, A1, 58, F6, C6, 12, 2B, D7, BA, 93, B9, 07, B2, 71, 07, B1, CB, 0F, AF, C1, 87, EB, E8, 00, 00, 00, 00, 8D, 15, 5C, 95, C7, EB, 8D, 0D, BC, F6, 09, E4, F2, 85, F5, 3B, E9, 3D, BE, 52, 51, 5B, B0, 2D, 4D, 77, 02, FE, CB, 3B, D2, 74, 07, F3, 69, FD, 47, C0, 74, EB, 8D, 05, 0C, 7F, FC, FF, 69, FB, 03, D5, A7, 9D, 0F, AF, DE, 88, C3, 05, 2F, 83, 03...
 
[+]

Entropy:
7.2922

Code size:
76 KB (77,824 bytes)

Remove now_ssl.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.