291014_nj.exe

The application 291014_nj.exe, “Download da Internet”, has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.nanosoftrom.me.

Publisher:
45fSRWVdWCX7E94

Product:
45fSRWVdWCX7E94uM

Description:
Download da Internet

Version:
9.9.5.3

MD5:
cad710ea5e39ebd696ae35b3c92b70e2

SHA-1:
0be022d84bb974496609f322206fa99182a424c9

SHA-256:
ffdbbc1a91c2fa213bb1a8e59760773395ee6d7dc544e165116fb94cfcf28ccd

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 3:04:07 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | ADWARE/BrAppWare.1855708 | 3.6.1.96 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-160112 |
| AVG | Generic | 2017.0.2867 |
| Baidu Antivirus | Trojan.Win32.Nurjax | 4.0.3.16112 |
| Comodo Security | ApplicUnwnt | 21802 |
| ESET NOD32 | Win32/Adware.BrAppWare (variant) | 10.11491 |
| F-Prot | W32/A-07794f8f | v6.4.7.1.166 |
| G Data | Win32.Riskware.NJax | 16.1.25 |
| IKARUS anti.virus | Riskware.Win32.NJax | t3scan.1.8.9.0 |
| K7 AntiVirus | Adware | 13.202.15633 |
| Kaspersky | Trojan.Win32.Nurjax | 14.0.0.828 |
| Malwarebytes | PUP.Optional.BRApp.A | v2016.01.12.07 |
| McAfee | Artemis!CAD710EA5E39 | 5600.6523 |
| NANO AntiVirus | Trojan.Win32.Triosir.dgibtv | 0.30.16.1110 |
| Panda Antivirus | Generic Suspicious | 16.01.12.07 |
| Qihoo 360 Security | HEUR/QVM05.1.Malware.Gen | 1.0.0.1015 |
| Sophos | Generic PUA AL | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0415 | 7.2.12 |

File size:
1.8 MB (1,855,708 bytes)

Copyright:
45fSRWVdWCX7E94u

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\291014_nj.exe

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:xM66z2N0oLJj9aQ5bF6PTCsaWjSduRuI3QAwFj:xj6aNXJxaaFODjjSYRuI3N6

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file 291014_nj.exe has been seen being distributed by the following URL.
