» ansf692.exe
Overview
Analysis
File Details
Network (2)

ansf692.exe

The application ansf692.exe has been detected as a potentially unwanted program by 11 anti-malware scanners.

File name:

ansf692.exe

MD5:

82041911659bfb70cb2a3ee6eb14bd38

SHA-1:

15cbe05412676c0fb369d71e128f20ba22c2ddb6

SHA-256:

3a4dff48bb801f5730cba79dcb3004ac0010cdc2b6d2f9fbd34420f830d129f0

Scanner detections:

11 / 68

Status:

Potentially unwanted

Analysis date:

2/25/2025 5:57:15 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Graftor.188059

613

Baidu Antivirus

Adware.Win32.ConvertAd

4.0.3.15513

Bitdefender

Gen:Variant.Adware.Graftor.188059

1.0.20.760

Emsisoft Anti-Malware

Gen:Variant.Adware.Graftor.188059

8.15.06.01.01

ESET NOD32

Win32/Adware.ConvertAd.MP application

7.0.302.0

F-Secure

Gen:Variant.Adware.Graftor

11.2015-01-06_2

G Data

Gen:Variant.Adware.Graftor.188059

15.6.25

MicroWorld eScan

Gen:Variant.Adware.Graftor.188059

16.0.0.456

Reason Heuristics

Threat.Adware.ConvertAd.Meta

15.5.13.12

Trend Micro House Call

Suspicious_GEN.F47V0508

7.2.152

File size:

1.7 MB (1,782,784 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\032b0290-1431090812-05fd-4106-720700080009\ansf692.exe

File PE Metadata

Compilation timestamp:

5/8/2015 10:50:54 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:RyZ9bA2DfDH4zvyZnCc89zaCHN0OJXv4FEyXEOkWLuJmG:KBAMDHoyZnCc89zaCHN06JyXEOkWL

Entry address:

0x107A49

Entry point:

E8, AA, 73, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, E0, 4D, 58, 00, 75, 02, F3, C3, E9, 31, 74, 00, 00, 8B, 41, 04, 85, C0, 75, 05, B8, 20, DB, 55, 00, C3, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 57, 8B, F9, 74, 2D, 56, FF, 75, 08, E8, EA, 09, 00, 00, 8D, 70, 01, 56, E8, 1F, 34, 00, 00, 59, 59, 89, 47, 04, 85, C0, 74, 11, FF, 75, 08, 56, 50, E8, F7, 74, 00, 00, 83, C4, 0C, C6, 47, 08, 01, 5E, 5F, 5D, C2, 04, 00, 8B, FF, 56, 8B, F1, 80, 7E, 08, 00, 74, 09, FF, 76, 04, E8, B2, 33, 00, 00, 59, 83, 66, 04, 00, C6, 46... 
[+]

Code size:

1.2 MB (1,266,688 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ec2-54-69-155-226.us-west-2.compute.amazonaws.com (54.69.155.226:80)

TCP (HTTP):

Connects to ec2-54-148-200-86.us-west-2.compute.amazonaws.com (54.148.200.86:80)

Remove ansf692.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.