cnsl46fd.tmp

The file cnsl46fd.tmp has been detected as a potentially unwanted program by 6 anti-malware scanners. It runs as a Windows service named “CD Drive Star Topology” in its own process (Win32OwnProcess). The file has been seen being downloaded from d2htwdv930b0cg.cloudfront.net.
MD5:
ef3aa88f361b645a867da25e43f8cb75

SHA-1:
a993595149e46e59b0c97a4cc965d0c2054e74d4

SHA-256:
2c96fb6596194fda962ad3bb477e66c59932c4e04318c11178e5eb7278add15d

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 8:52:39 AM UTC

Scan engine             Detection                                  Engine version
Lavasoft Ad-Aware       Gen:Variant.Mikey.12094                    5733614
Emsisoft Anti-Malware   Gen:Variant.Mikey.12094                    9.0.0.4799
ESET NOD32              Win32/Adware.ConvertAd.JG application      7.0.302.0
F-Secure                Gen:Variant.Mikey.12094                    5.13.68
Reason Heuristics       Threat.Win.Reputation.IMP                  15.5.12.23
VIPRE Antivirus         Threat.4150696                             39486

File size:
153.5 KB (157,184 bytes)

Common path:
C:\users\{user}\appdata\local\58d8f31a-1429911818-9b49-a440-37a463952fe5\cnsl46fd.tmp

File PE Metadata
Compilation timestamp:
4/24/2015 8:48:14 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:dGk/Z5rmtClH85jOiqoH4s4Oq7ZxJvc8D5A91YCerQMzABBJDr9RpNLgXrwZdzJS:dG6nRsOijYsHqFvc8D5NfzW5TgXyOh

Entry address:
0x7616

Entry point:
E8, 91, 2C, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 78, E3, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 5C, E0, 41, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 55, 08, 56, 57, 85, D2, 74, 07, 8B, 7D, 0C, 85, FF, 75, 13, E8, 0E, 1B, 00, 00, 6A, 16, 5E, 89, 30, E8, 79, 1A, 00, 00, 8B, C6, EB, 33, 8B, 45...

Code size:
115.5 KB (118,272 bytes)

Service
Display name:
CD Drive Star Topology

Service name:
lidypejo

Description:
Domain Name Ball

Type:
Win32OwnProcess
The file cnsl46fd.tmp has been seen being distributed by the following URL.

Remove cnsl46fd.tmp - Powered by Reason Core Security