Prevx Research Division
NADLOCOP.EXE
System Back DoorFree PC Cleanup from Webroot
Use Webroot SecureAnywhere to remove NADLOCOP.EXE.
"Just when you thought it couldn't get any better or faster. The Webroot scanning engine is 'high octane' with a hidden nitrous oxide system. Bravo!!!" W. Lodzinski, SecureAnywhere User
Associated Malware Groups
The unsafe files using this name are associated with the malware groups:
- System Back Door
- Cloaked Malware
File Behavior
NADLOCOP.EXE has been seen to perform the following behavior:
- The Process is packed and/or encrypted using a software packing process
- The Process is polymorphic and can change its structure
- Adds a Registry Key (RUN) to auto start Programs on system start up
- Creates a TCP port which listens and is available for communication initiated by other computers
- Writes to another Process's Virtual Memory (Process Hijacking)
- Uses DNS to retrieve the IP address for web sites
- Registers a Dynamic Link Library File
- Sends email using SMTP protocols
- Can communicate with other computer systems using HTTP protocols
- Can examine and send Email using POP3 protocols
NADLOCOP.EXE has been the subject of the following behavior:
- Added as a Registry auto start to load Program on Boot up
- Executed as a Process
- Created as a process on disk
- Has code inserted into its Virtual Memory space by other programs
- This program is often downloaded from the web
- Registered as a Dynamic Link Library File
- Executed from Temporary Folders
- Terminated as a Process
Country Of Origin
The filename NADLOCOP.EXE was first seen on Dec 20 2007 in the following geographical regions of the Webroot community:
- The United States on Dec 20 2007
- Canada on Dec 20 2007
- Spain on Mar 23 2008
- on Mar 23 2008
File Name Aliases
NADLOCOP.EXE can also use the following file names:
- NADLOCOP[1].EXE
- TMP2B.TMP
- TMP29.TMP
- NADLOCOP .EXE
- NADLOCOP .EXE
- TMP113.TMP
- TMP12B6.TMP
- TMP1722.TMP
- TMP2A2.TMP
- TMP2C.TMP
- TMP35.TMP
- TMP40.TMP
- TMP4BC.TMP
- TMP517.TMP
- TMP97A.TMP
- TMPC1.TMP
- TMP33.TMP
- TMP39.TMP
- TMP75.TMP
- TMP57.TMP
- TMP13F.TMP
- TMP7D.TMP
- NLOCP.EXE
- INF5.TMP
- INF3.TMP
- CSI9.TMP
- TMP14.TMP
- TMP24.TMP
- TMP7.TMP
- TMP9.TMP
- CSI7.TMP
- TMP1283.TMP
- TMP25.TMP
- TMP28.TMP
- CSI3.TMP
- TMP1C.TMP
- TOHEL.EXE
- DA.EXE
- 91955427.DAT
Filesizes
The following file size has been seen:
- 20,519 bytes
- 57,856 bytes
- 34,816 bytes
- 79,872 bytes
File Type
The filename NADLOCOP.EXE refers to many versions of an executable program.
Network Activity
One or more files with the name NADLOCOP.EXE performs the following network events:
- DNS Lookup72.8.143.28 aaaaaaaaaaaaa.locop.net
Website Activity
One or more files with the name NADLOCOP.EXE interacts with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.
- TCP:72.8.143.28:18384 Port:12
Help the Webroot Community to fight cyber crime
We are always looking for ways to improve the quality and speed of research to help us protect you from malicious software and cyber crime.
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.