» NPE.exe
Overview
Analysis
File Details
Downloads (28)

NPE.exe

Norton Power Eraser

Symantec Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from gslink.us and multiple other hosts.

File name:

NPE.exe

Publisher:

Symantec Corporation (signed and verified)

Product:

Norton Power Eraser

Version:

4.3.5.28

MD5:

0de7c31d176f9ddebbb052c654b9806b

SHA-1:

8894e5eee87bf16fde140810f28fa24e2325bf3c

SHA-256:

e529f9dc2ef7c646dd8ddb10fe44942075284fcd341e2275dd96592fcefc9c27

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/16/2024 3:41:01 AM UTC (today)

File size:

2.9 MB (3,060,320 bytes)

Product version:

4.3

Original file name:

NPE.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\npe.exe

Digital Signature

Signed by:

Symantec Corporation

Authority:

VeriSign, Inc.

Valid from:

11/18/2013 7:00:00 PM

Valid to:

11/16/2014 6:59:59 PM

Subject:

CN=Symantec Corporation, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Endpoint Protection & Productivity, O=Symantec Corporation, L=Culver City, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

2BBAF83D7BEDD958309D62B93EE41074

File PE Metadata

Compilation timestamp:

8/27/2014 2:19:38 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:siRqfvUnyrAMkg1Kp8NB1/WsadlVX93DPwGekS1kRbbmNy53WpA9Iw0aZ0EHLlWH:4rA/gUpkz+XLJvnGUmNyIp3aZlHLsyC9

Entry address:

0x20397A

Entry point:

B8, 88, 28, D6, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, D1, C5, C7, C4, E7, 0A, 55, 17, A8, B7, E4, FD, 18, 75, 33, DC, CD, 85, B0, 98, 7E, 55, D6, 78, 1F, B3, DE, 52, 0C, 26, 1A, 61, 8E, 45, BA, 4A, FB, 03, E2, 36, 37, 97, 89, 37, 75, ED, DB, C5, 95, B5, 0C, B6, 2F, E3, 94, 32, E4, DA, 8A, 47, CB, 26, 21, DE, A0, CB, A6, 49, 6D, D1, 1C, 33, 53, 66, 20, D9, 65, 53, F7, 9D, 1A, 8D, 56, F5, 91, C7, 94, DC, ED, 8A, 8F, F5, C2... 
[+]

Entropy:

7.9779

Packer / compiler:

PECompact v2

Code size:

5.8 MB (6,029,312 bytes)

The file NPE.exe has been seen being distributed by the following 28 URLs.

http://gslink.us/npe

http://ftp-stahuj.centrum.cz/dl/f44960052329485a262f5f02ca05c583/57c403b4/stahuj/download/software/secured/n/norton-power-eraser/.../NPE.exe

http://optixresolve.com/tools/.../NPE.exe

http://ftp-stahuj.centrum.cz/dl/2d04f9173993329f757620ffdf8ba204/55db5788/stahuj/download/software/secured/n/norton-power-eraser/.../NPE.exe

http://api.viglink.com/api/click?key=96b4d6fc9bb6e5363d33497facdd3eaa&cuid=1503&out=http://liveupdate.symantec.com/upgrade/NPE/1033/NPE.exe&loc=http://www.savepathdeals.com&format=go&ref=http://www.savepathdeals.com

http://www.nonags.com/.../dfp.asp

http://liveupdate.symantec.com/upgrade/NPE/.../NPE.exe

https://doc-04-9g-docs.googleusercontent.com/docs/securesc/f1ik8fs5jltpn46ro7dhpmgnfavar4f9/movnafsm10fe8qlqtvq6qi6gorkslocl/1424289600000/.../05200362255845893088/0B9_OZmzwirF7RUg1YTdoX1JDbGs?h=04141506202807401375&e=download

https://drive.google.com/a/.../uc?id=0B9_OZmzwirF7RUg1YTdoX1JDbGs&export=download

http://liveupdate.symantec.com/upgrade/NPE/.../NPE.exe

http://91.74.184.34/.../NPE.exe

http://www.tamindir.com/indir/MjAxNS0wMy0yNCAxNDowNTo1Mg==/norton-power-eraser/.../4.3.5.28

http://ftp-stahuj.centrum.cz/dl/e74048e33d5d4739099fa8cd9dc3bef3/551fe3c4/stahuj/download/software/secured/n/norton-power-eraser/.../NPE.exe

http://www.tamindir.com/indir/MjAxNS0wMy0yNCAxMjowMDo0OQ==/norton-power-eraser/.../4.3.5.28

http://www.tamindir.com/indir/MjAxNS0wMy0xMiAxNDo0ODoyNQ==/norton-power-eraser/.../4.3.5.28

http://www.tamindir.com/indir/MjAxNS0wMy0yMSAyMDoxOTo0Mg==/norton-power-eraser/.../4.3.5.28

http://www.tamindir.com/indir/MjAxNS0wMy0xOSAxODo0Nzo1Mg==/norton-power-eraser/.../4.3.5.28

http://www.tamindir.com/indir/MjAxNS0wMy0xOSAyMzo1MjoxNQ==/norton-power-eraser/.../4.3.5.28

http://www.tamindir.com/indir/MjAxNS0wMy0xMyAxNjowNzoxMw==/norton-power-eraser/.../4.3.5.28

http://hr.download.hr/go.php?file=w11460&code=l1h4l2h5z7j6x3c6b9o3

http://www.downloadcrew.com/?act=software.download&id=29443&t=1423593761&c=cc26f3be5f521927a2e7c91f5ceebc46ed7536ea

http://www.tamindir.com/indir/MjAxNC0xMi0xNiAwMDozMjo1Ng==/norton-power-eraser/.../4.3.5.28

http://www.tamindir.com/indir/MjAxNC0xMi0xMiAwOToxMTo1MQ==/norton-power-eraser/.../4.3.5.28

http://gslink.us/.../npe

http://ftp-stahuj.centrum.cz/dl/68f9e740284968e43082e35ea9bb5260/54629508/stahuj/download/software/secured/n/norton-power-eraser/.../NPE.exe

http://hr.download.hr/go.php?file=w11460&code=s1c4u1o4m3y5v8d5h2o0

http://ftp-stahuj.centrum.cz/dl/85d3cb68280846736168415a72258341/5434ffc6/stahuj/download/software/secured/n/norton-power-eraser/.../NPE.exe

http://liveupdate.symantec.com/upgrade/NPE/.../NPE.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.