home

nxTS.exe

nxTS

Korea Trade Network Co., Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘nxTS’.
Publisher:
Korea Trade network Co., Ltd.  (signed by Korea Trade Network Co., Ltd)

Product:
nxTS

Version:
1,0,0,8

MD5:
3ea7baa48683c6f7908090c3c3a8ac42

SHA-1:
079b45f76d0477b1fd84dbb4edbc7e89f16d4f6e

SHA-256:
cb296e1a12a357def5408c399d625fe348f57a4c41ac4433949246d9dd744c7e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/25/2024 5:55:39 AM UTC  (today)

File size:
3.9 MB (4,089,264 bytes)

Product version:
1,0,0,8

Copyright:
Korea Trade Network Co., Ltd. All rights reserved.

Original file name:
nxTS.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\nxts\nxts.exe

Digital Signature
Signed by:
Korea Trade Network Co., Ltd

Authority:
Thawte, Inc.

Valid from:
9/10/2015 9:00:00 AM

Valid to:
12/10/2016 8:59:59 AM

Subject:
CN="Korea Trade Network Co., Ltd", O="Korea Trade Network Co., Ltd", L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
46DD77805555B5964BCF0728947DBCFE

File PE Metadata
Compilation timestamp:
5/18/2016 9:20:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:tAn3xzAUOxCQjprB1BJ/sIWVfsZmzrqD5c4b/eoHkzsXhZH1:GrcNJ/3WVfh4b/ebzsXhZV

Entry address:
0x19B8BC

Entry point:
E8, 8B, 2A, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 98, A5, 72, 00, E8, 5E, 14, 00, 00, E8, 60, E4, 00, 00, 0F, B7, F0, 6A, 02, E8, 1E, 2A, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, BB, 70, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
6.2715

Code size:
2.6 MB (2,712,576 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
nxTS

Command:
"C:\Program Files\nxts\nxts.exe"


Scan nxTS.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.