» setup_partcoms1.exe
Overview
Analysis
File Details

setup_partcoms1.exe

Windows Inforetrieval

Now Media Corp.

The application setup_partcoms1.exe by Now Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.

File name:

setup_partcoms1.exe

Publisher:

Now Media Corp. (signed and verified)

Product:

Windows Inforetrieval

Version:

1.0.0.2

MD5:

c8fac456a6d6b2dd412a116bfa64f739

SHA-1:

d9cd638621bd040d417c94a1fd923a82ef29c53a

SHA-256:

adb21da81f224d5e98d978e9d51eae39d501372391146481786287ffe7c33c16

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 7:57:31 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic

16.8.18.19

File size:

1.2 MB (1,298,592 bytes)

Product version:

1.0.0.2

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\temp\setup_partcoms1.exe

Digital Signature

Signed by:

Now Media Corp.

Authority:

thawte, Inc.

Valid from:

6/10/2015 9:00:00 AM

Valid to:

7/10/2016 8:59:59 AM

Subject:

CN=Now Media Corp., O=Now Media Corp., L=Gangnam-gu, S=Seoul, C=KR

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

7883D9D5206A6138CFE83DE378370E66

File PE Metadata

Compilation timestamp:

12/27/2015 2:38:55 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:y2s3+bbiqjQS+bdHDUeB2fOEp3BAIlKBKkGpYGS3nQ0WKZ78yIYs3+bbT:COCqjQVpjB2mEpxu/aS3RWyWOz

Entry address:

0x310D

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 57, 33, DB, 68, 01, 80, 00, 00, 89, 5C, 24, 1C, C7, 44, 24, 14, 88, 91, 40, 00, 33, F6, C6, 44, 24, 18, 20, FF, 15, B4, 70, 40, 00, FF, 15, B0, 70, 40, 00, 66, 3D, 06, 00, 74, 11, 53, E8, E4, 2D, 00, 00, 3B, C3, 74, 07, 68, 00, 0C, 00, 00, FF, D0, 68, 7C, 91, 40, 00, E8, 65, 2D, 00, 00, 68, 74, 91, 40, 00, E8, 5B, 2D, 00, 00, 68, 68, 91, 40, 00, E8, 51, 2D, 00, 00, 6A, 0D, E8, B4, 2D, 00, 00, 6A, 0B, E8, AD, 2D, 00, 00, A3, 44, EC, 42, 00, FF, 15, 34, 70, 40, 00, 53, FF... 
[+]

Entropy:

7.9765

Packer / compiler:

Nullsoft install system v2.x

Code size:

24 KB (24,576 bytes)

Remove setup_partcoms1.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.