now_ssl.exe

NOW-SSL

Omnesys Technologies Pvt Ltd

The executable now_ssl.exe has been detected as malware by 11 anti-virus scanners.
Publisher:
Omnesys Technologies Pvt Ltd (signed by Omnesys Technologies Pvt Ltd)

Product:
NOW-SSL

Version:
1.0.0.2

MD5:
887713fd3906b647fe43284ff413f53f

SHA-1:
4fc1962b2d59d8e0480cd2675439f499d95a0d76

SHA-256:
2e16935463a26458a00726aa972dd7efe014e1bf6db926bc2ff35f670aa6b909

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
12/27/2024 8:15:51 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Kukacka | 160518-2 |
| AVG | Win32/Sality | 2015.0.4591 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.E.gen | 4.6.5.141 |
| F-Secure | Win32.Sality.3 | 5.15.96 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| Microsoft Security Essentials | Threat.Undefined | 1.223.2382.0 |
| Norman | Win32.Sality.3 | 19.05.2016 01:04:49 |
| VIPRE Antivirus | Threat.4721115 | 50170 |

File size:
367.3 KB (376,141 bytes)

Product version:
1.0.0.2

Original file name:
stub32i.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\now_ssl.exe

Digital Signature
Authority:
Omnesys Technologies Pvt Ltd

Valid from:
1/10/2015 1:58:31 PM

Valid to:
1/9/2020 1:58:31 PM

Subject:
E=ganpathi@omnesysindia.com, CN=www.omnesysindia.com, OU=IT, O=Omnesys Technologies Pvt Ltd, L=Bangalore, S=Karnataka, C=IN

Issuer:
E=ganpathi@omnesysindia.com, CN=www.omnesysindia.com, OU=IT, O=Omnesys Technologies Pvt Ltd, L=Bangalore, S=Karnataka, C=IN

Serial number:
00E4BE8B38189B084E

File PE Metadata
Compilation timestamp:
8/2/2002 12:31:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:VA1ehl/69NcGwQAP6MmsCXHlcHjEcCDQLwBVYvkWKFejRr8Nqbq/3iYDY8lQ:VDl/UchPkFUjGDbyBIejum2yh8lQ

Entry address:
0x8AF7

Entry point:
60, F6, D9, F6, D9, 3C, 67, C6, C1, AB, 0F, CD, C7, C2, A2, C3, 02, A1, 68, B7, AE, D2, 00, 57, F2, 0F, AC, DB, FD, 86, ED, C0, D5, DA, 88, CE, C6, C2, E8, E8, 97, 00, 00, 00, 2B, D2, 49, BD, 35, DC, F1, A2, 0F, A5, E8, 88, E3, 8D, 3D, 22, 92, CD, 83, C1, DD, 1D, 0F, BE, C6, 47, 0F, BE, C6, BD, 73, B3, FF, FF, D2, DC, 89, FB, 81, F5, 1D, 4E, 00, 00, 8D, 0D, A8, 40, 36, 1F, C6, C7, 15, 81, ED, 29, 06, 00, 00, D3, F1, D2, D4, BE, 00, 00, 00, 00, 86, CD, 0B, F5, 0F, BB, C7, FE, C7, 0F, BA, E8, C7, 81, F6, B5...
 
Entropy:
7.3065

Code size:
76 KB (77,824 bytes)

The file now_ssl.exe has been seen being distributed by the following URL.

ftp://183.182.86.91/NOW/.../NOW_SSL.exe
