setup_nightowl view(1.0).exe

Nightowl View

SZ

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from public.boxcloud.com and multiple other hosts.
Publisher:
SZ

Product:
Nightowl View

Description:
Bate

Version:
1.0

MD5:
d9262a133faba5c4e768e464d8339558

SHA-1:
2ad57f8a13845b703086bf53c2d29d5b0e7c237c

SHA-256:
160496fb7e9d92507345de9b119fe6c6b5eb71983ae3a670fa472d36dc683a8e

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/26/2024 2:23:15 AM UTC

Scan engine:
Trend Micro House Call

Detection:
TROJ_GEN.F47V0102

Engine version:
7.2.131

File size:
31.6 MB (33,169,752 bytes)

Product version:
1.0

Copyright:
Copyright©2012-2013 Streaming

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Chinese (Simplified, PRC)

File PE Metadata
Compilation timestamp:
6/19/1992 12:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
786432:lCKUTcYZyeyCidpMXgR24bNBuIFrMdtmAHXTDS9D4n1:pUlZy1dNjfodRHX0kn1

Entry address:
0x9B80

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 1A, 95, FF, FF, E8, E9, A6, FF, FF, E8, 78, A9, FF, FF, E8, AF, C9, FF, FF, E8, F6, C9, FF, FF, E8, D5, F2, FF, FF, E8, 3C, F4, FF, FF, 33, C0, 55, 68, 3C, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 05, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, E9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, DF, CF, FF, FF, 8B, 55, F0, B8, E4, CD, 40, 00, E8, AA, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E4, CD...
 
Entropy:
7.9999

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file setup_nightowl view(1.0).exe has been seen being distributed by the following 4 URLs.

https://public.boxcloud.com/d/.../H1Qt-ilCvTy5wWFTPBTgjkkjVAFl_539ahj5LV-ynlEvWfs_zjdxKlnv8Bni_M-G2gLGILoaJK5765wPoxcE-5TRZxvSUWQpkLEWNFA282PXH6AbKxjwaPcpF6r-U9UGBrLSEbsW3EOAVwVQI1zsA8-3kDSdou311YbkbG7DNUFqOy-XlXlqDmvqpT7HrXAEUtFqwOa-ualP6wYlK_UbQ60S987BQkAdusoDegdb8e5rtXYLDPfvITjLeHaLfaaZc0SCpO_ArpqWAy_o-tz9TxY8PCGX-m7BE4uEUhgZT5q219aIiOYr_teF2vTRi0WEaLyZ9ZfCCKpHbLFkYq12UdgpsmUk2qs3wV5k-Ikj0S3nn_P7KYo2iP2jUSIovQBYqG3K26yJItRL6Ux3rHZUln7wwXbaklmY4gSULj3aajytv25kxX4QaNU-BaK6gpdOSqwdw8tQQe-XzIIyQVf7yVgLTR32pK2qTKuyi2SiIWs0gpTRnOVb64IqLNUs5dJrNxXYoheof-Hw3QYwzknfnWhIhdSufKU_NmsR6d08lZGalpnCjuhgSPPXE5o5YJ6UNAocGFsBZXY30hVb03Xtmm08rRezUn5n5Z53DroId5wc4FNKmNSzWSu5h5GtDRpvj3F2lVUFqi-iTB63o3FCL7ONls826c3Tek16tcP8VGhCr05j3rO8Vfo5GeL5Hbq9H9JAqUGqoDeyHe6Sb-mBHg4mTMnfFshqMc5juyI78WNDJfhjvQjmdVMyjU8TTjNqE-GqnlLhllCSyM5usHhgKyYVM9uoEOYyWQvOpQJALQk5jgrGfmBUJsZsXXbOWx5EAY2vR9o_RyP4x7hinENXpLTthcjcVPdip16v7JmK8X29TwAQPe9FBUstaJCVM8zpjIYn-wRRI6MnFmO022QmYyha7Wt5ROXEtXN1TmiuMCEFf3tLpdhzVnZKrg0Fcx2h57NDoXQJ
