nw.exe

The application nw.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
MD5:
04e31bc58df3c519693c3d5830cf9990

SHA-1:
342797bc6c3d1f01e7b7a43a6f4362c19e4c4326

SHA-256:
1203c2f62f38204da5b38bea155b858012cf5f9833827535b697169003647efa

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
3/12/2025 5:31:17 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ContentPush (M)

Engine version:
17.2.22.14

File size:
44.2 MB (46,372,352 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\contentpush\app\bin\nw.exe

File PE Metadata
Compilation timestamp:
5/10/2002 9:04:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x2CB23B5

Entropy:
6.8453

Code size:
34.9 MB (36,639,232 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 126.207.interhost.co.il  (185.18.207.126:80)

TCP (HTTP SSL):
Connects to dg-in-f94.1e100.net  (209.85.202.94:443)

TCP (HTTP):
Connects to a95-101-78-233.deploy.akamaitechnologies.com  (95.101.78.233:80)

TCP (HTTP SSL):
Connects to dg-in-f95.1e100.net  (209.85.202.95:443)

TCP (HTTP):
Connects to 94.31.29.19.IPYX-077437-ZYO.above.net  (94.31.29.19:80)

TCP (HTTP):
Connects to host-197.199.253.140.etisalat.com.eg  (197.199.253.140:80)

TCP (HTTP):
Connects to 94.31.29.36.IPYX-077437-ZYO.above.net  (94.31.29.36:80)
