Nimboss.exe demonstrated potential malicious behaviour (file size seems to have increased)

Document ID : KB000013036
Last Modified Date : 14/02/2018
Introduction:

Nimboss.exe demonstrated potential malicious behaviour (file size seems to have increased)

Question:

Nimboss.exe demonstrated potential malicious behaviour (file size seems to have increased). Is this normal or is it a potential security threat where the file is being wrapped over by a Trojan horse? 

Environment:
UIM 8.47
Nimboss.exe file version 5.50
Answer:

1. Download the Microsoft File Checksum Integrity Verifier: https://www.microsoft.com/en-gb/download/confirmation.aspx?id=11533 

2. Once downloaded, run it and select where to place the extracted files (e.g. create a new folder: C:\WinTools).

3. Open a command prompt and enter the following:

"C:\WinTools\fciv" -md5 -sha1 "C:\Program Files (x86)\Nimsoft\bin\nimboss.exe"

The MD5 output from our internal 8.47 primary server was: 1322d51f8466d6b559df02f6a62313a6.

The customer's MD5 output was: 1545328857B1C58D34279D1987F881B8.

After some further investigation, we ran the above steps on our internal UMP server and found that the file size there was also over 1 MB (1.02 MB) and the MD5 matched the customer's value: 1545328857B1C58D34279D1987F881B8.
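
The same comparison can be scripted with PowerShell's built-in Get-FileHash cmdlet (PowerShell 4.0 and later) instead of fciv. The following is an added example, not part of the original article or of the product; the function name Test-FileAgainstBaseline and its parameters are hypothetical, and the two reference MD5 values are the ones quoted above.

```powershell
function Test-FileAgainstBaseline {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        # Reference MD5 values collected from servers you already trust.
        [Parameter(Mandatory)] [string[]] $KnownMd5
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Hex digests are case-insensitive: fciv prints lower case, other tools
    # print upper case. Normalise before comparing.
    $known = @($KnownMd5 | ForEach-Object { $_.Trim().ToUpperInvariant() })

    $md5    = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    $sha1   = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash
    # SHA-256 is reported as well so it can be recorded for future baselines.
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    [pscustomobject]@{
        Path            = $file.FullName
        SizeMB          = [math]::Round($file.Length / 1MB, 2)
        FileVersion     = $file.VersionInfo.FileVersion
        MD5             = $md5
        SHA1            = $sha1
        SHA256          = $sha256
        MatchesBaseline = $known -contains $md5.ToUpperInvariant()
    }
}

# Reference values taken from this article.
$baseline = @(
    '1322d51f8466d6b559df02f6a62313a6',   # internal 8.47 primary server
    '1545328857B1C58D34279D1987F881B8'    # internal UMP server
)

Test-FileAgainstBaseline `
    -Path 'C:\Program Files (x86)\Nimsoft\bin\nimboss.exe' `
    -KnownMd5 $baseline
```

A MatchesBaseline value of False means the file matches neither reference value and should be compared against a copy from a known-good installation of the same version.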