NzellEncoderUpdater.exe


The executable NzellEncoderUpdater.exe (“NZellEncoder Updater”) has been detected as malware by 11 anti-virus scanners. It is set to execute automatically when any user logs into Windows, through the all-users Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the value name ‘nzellencoder’.
Publisher:
NZellSoft  (signed by NIA)

Product:
NzellEncoderUpdater.exe

Description:
NZellEncoder Updater

Version:
1.0.0.1

MD5:
5c682511afcaeaf8e9d7f65260dad1c6

SHA-1:
5003d61880a1c277ea49bc3eeb4ec40e8cbb9788

SHA-256:
86caa26b55cc4ab5c7ae3c5e830106deafa31ee5384806969554219237b40605

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
11/5/2024 6:32:53 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Agent.356776 | 7.11.40.238 |
| Emsisoft Anti-Malware | Trojan.Win32.BHO!IK | 8.16.04.23.02 |
| ESET NOD32 | Win32/TrojanDownloader.Agent.QYY (variant) | 10.7415 |
| IKARUS anti.virus | Trojan.Win32.BHO | t3scan.1.1.122.0 |
| Kaspersky | Trojan-Downloader.Win32.Agent | 14.0.0.319 |
| McAfee | Artemis!5C682511AFCA | 5600.6421 |
| Norman | W32/Suspicious_Gen2.SNPFD | 11.20160423 |
| Panda Antivirus | Trj/CI.A | 16.04.23.02 |
| Vba32 AntiVirus | TrojanDownloader.Agent.gniy | 3.12.18.2 |
| VIPRE Antivirus | Trojan.Win32.Generic!SB.0 | 12774 |
| ViRobot | Trojan.Win32.A.Downloader.360448.V | 2011.4.7.4223 |

File size:
348.4 KB (356,776 bytes)

Product version:
1.0.0.1

Copyright:
NZellSoft. All rights reserved.

Original file name:
NzellEncoderUpdater.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\nzellsoft\nzellencoder\nzellencoderupdater.exe

Digital Signature
Signed by:

Authority:
eBiz Networks Ltd

Valid from:
1/6/2010 12:00:00 AM

Valid to:
1/6/2011 11:59:59 PM

Subject:
CN=NIA, OU=Software Development Team, O=NIA, STREET="Weve The State Apt., Jung 2-dong, Wonmi-gu, Bucheon-si, Gyeonggi-do, Korea", STREET=502-1001, L=Bucheon, S=Wonmi-gu, PostalCode=420-776, C=KR

Issuer:
CN=eBiz Networks Certificate Services, O=eBiz Networks Ltd, C=KR

Serial number:
2D45FBB87E41F57DDC127F237BB9D1C9

File PE Metadata
Compilation timestamp:
8/27/2008 10:13:01 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:TQKqx5+7JIgXnfsVLwV1DLy3WfVwHVRRVoCTsKs:DIAnfsxwVdLYKwHDoCPs

Entry address:
0x241A1

Entry point:
E8, 6E, A2, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 0B, 42, 42, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 6D, 37, 01, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D, 00, 00, 00, 00...
 

Entropy:
6.3567

Code size:
228 KB (233,472 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
nzellencoder

Command:
C:\Program Files\nzellsoft\nzellencoder\nzellencoderupdater.exe

