nssg.exe

RecA

The executable nssg.exe has been detected as malware by 1 anti-virus scanner. It runs as a Windows Task Scheduler task named fetpoi, triggered each time a user logs in. The file has been seen being downloaded from a.pomf.cat.
Publisher:
RecA  (signed and verified)

MD5:
615085208d38e68a2f6a6d25da7d9596

SHA-1:
6daf5e7e3144ae8a659b955d24d534ffab67ba9c

SHA-256:
8732b883c11b228355b986aed0651f45484ead00d81d66722db8f8ab391b4d52

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/16/2024 6:48:54 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.12.29.7

File size:
309.4 KB (316,864 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\nssg.exe

Digital Signature
Signed by:

Authority:
RecA

Valid from:
7/3/2016 1:42:39 AM

Valid to:
7/4/2026 1:42:39 AM

Subject:
E=owner@reca.net, CN=www.reca.net, OU=Support Dept, O=RecA, L=Cologne, S=Sortil, C=DE

Issuer:
E=owner@reca.net, CN=www.reca.net, OU=Support Dept, O=RecA, L=Cologne, S=Sortil, C=DE

Serial number:
008FE7E51E617A60CF

File PE Metadata
Compilation timestamp:
7/5/2016 3:56:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x23CEE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.8356

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
136 KB (139,264 bytes)

Scheduled Task
Task name:
fetpoi

Path:
\Update\fetpoi

Trigger:
Logon (Runs on logon)

The file nssg.exe has been seen being distributed from the following URL.

https://a.pomf.cat/sgzvsu.exe

Remove nssg.exe - Powered by Reason Core Security