291014_nj.exe

zyf9nkO4bh5MkVoDKQCPhASkBfeD

The application 291014_nj.exe has been detected as a potentially unwanted program by 30 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from skivu.net and multiple other hosts.
Publisher:
zyf9nkO4bh5MkVoDKQCPhASkBfeD

Version:
8.8.5.9

MD5:
b794306774ff91939492350f7474967b

SHA-1:
4d6730d67b170db0e6717b0f8914775899c88b3a

SHA-256:
1cfd314ea4ea00318eaa5785e9a11feec57e956ac38696ff1c53aa6e1af0e0b2

Scanner detections:
30 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 8:46:05 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Generic.1161666 | 379 |
| Agnitum Outpost | PUA.BrAppWare | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.HDC | 2015.08.05 |
| Avira AntiVirus | ADWARE/BrAppWare.443480 | 8.3.1.6 |
| Arcabit | Trojan.Mikey.D3396 | 1.0.0.425 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-160121 |
| AVG | Generic | 2017.0.2857 |
| Baidu Antivirus | Trojan.Win32.Nurjax | 4.0.3.16121 |
| Bitdefender | Application.Generic.1161666 | 1.0.20.105 |
| Bkav FE | W32.Clod0d0.Trojan | 1.3.0.6979 |
| Comodo Security | ApplicUnwnt | 22928 |
| Dr.Web | Trojan.Fraudster.1626 | 9.0.1.021 |
| Emsisoft Anti-Malware | Gen:Variant.Mikey.13206 | 8.16.01.21.12 |
| ESET NOD32 | Win32/Adware.BrAppWare (variant) | 10.12041 |
| F-Secure | Application.Generic.1161666 | 11.2016-21-01_5 |
| G Data | Application.Generic.1161666 | 16.1.25 |
| IKARUS anti.virus | Riskware.Win32.NJax | t3scan.1.9.5.0 |
| K7 AntiVirus | Adware | 13.207.16781 |
| Malwarebytes | PUP.Optional.BrApp.A | v2016.01.21.12 |
| McAfee | Artemis!B794306774FF | 5600.6513 |
| MicroWorld eScan | Application.Generic.1161666 | 17.0.0.63 |
| NANO AntiVirus | Riskware.Win32.Adware.dpgliw | 0.30.24.2668 |
| Panda Antivirus | Generic Suspicious | 16.01.21.12 |
| Quick Heal | Trojan.Nurjax.g5 | 1.16.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.18A236A9!413284009 | 23.00.65.16119 |
| Sophos | Generic PUA JL (PUA) | 4.98 |
| Trend Micro | TROJ_GEN.R021C0OEJ15 | 10.465.21 |
| VIPRE Antivirus | Trojan.Win32.Generic | 42616 |
| ViRobot | Trojan.Win32.A.Nurjax.1751071[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Nurjax.Win32.27 | 2.0.0.2328 |

File size:
1.7 MB (1,751,071 bytes)

Copyright:
zyf9nkO4bh5MkVoDKQCP

Original file name:
zyf9nkO4bh5MkVoDKQCP

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\291014_nj.exe

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:vkN3yC7LNnWKrjXQ8gDvn1gM8Pg//sljdlLWyR:vsZWKfBgDv1UPA/sl5lLWyR

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9968

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file 291014_nj.exe has been seen being distributed by the following 2 URLs.
