» nsbf4ee.tmp
Overview
Analysis
File Details
Downloads (2)
Network (21)

nsbf4ee.tmp

The file nsbf4ee.tmp has been detected as malware by 13 anti-virus scanners. The file has been seen being downloaded from jbb3tevuxy-c7q8a7h8.netdna-ssl.com and multiple other hosts. While running, it connects to the Internet address server-54-230-39-201.jfk1.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

nsbf4ee.tmp

Version:

2.11.0.999

MD5:

e13703c3f3cb9c8b93c01a725050857f

SHA-1:

3a5cbfee4838150bf06cac6c98be979bab502156

SHA-256:

bcd97fa14d5e8f848b99babd0180895cb61274dc521cae4c00e71a3a56fdf428

Scanner detections:

13 / 68

Status:

Malware

Analysis date:

11/2/2024 1:39:27 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.740760

462

Arcabit

Trojan.Kazy.DB4D98

1.0.0.576

Bitdefender

Gen:Variant.Kazy.740760

1.0.20.1520

Emsisoft Anti-Malware

Gen:Variant.Kazy.740760

8.15.10.31.07

Fortinet FortiGate

W32/Agent.BJPQXV!tr

10/31/2015

F-Secure

Gen:Variant.Kazy.740760

11.2015-31-10_7

G Data

Gen:Variant.Kazy.740760

15.10.25

Kaspersky

Trojan-Dropper.Win32.Agent.bjpqxv

14.0.0.1193

McAfee

Artemis!E13703C3F3CB

5600.6596

MicroWorld eScan

Gen:Variant.Kazy.740760

16.0.0.912

Panda Antivirus

Generic Suspicious

15.10.31.07

Qihoo 360 Security

HEUR/QVM10.1.Malware.Gen

1.0.0.1015

Reason Heuristics

Threat.Win.Reputation.IMP

15.11.6.15

File size:

1.4 MB (1,450,496 bytes)

Product version:

2.11.0.999

Language:

English

Common path:

C:\users\{user}\appdata\local\temp\nsbf4ee.tmp

File PE Metadata

Compilation timestamp:

9/28/2015 7:19:09 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

CTPH (ssdeep):

24576:T70cRjANxewULkEQxAtq9uMha8VorgRFdHlwz9O8tjYAjyoovSPoRiHdB7rsMj:sDlULkEQxA09uMhMgNvWYxZvKHdB7rsg

Entry address:

0x47680

Entry point:

E8, 57, 0C, 07, 00, E9, 37, 3C, 06, 00, 55, 8B, EC, 8B, 4D, 08, 85, C9, 75, 15, E8, 44, 67, 06, 00, C7, 00, 16, 00, 00, 00, E8, CA, B3, 06, 00, 6A, 16, 58, 5D, C3, A1, 48, 17, 54, 00, 89, 01, 33, C0, 5D, C3, 6A, 04, B8, 1D, 1E, 4C, 00, E8, 80, 45, 06, 00, 89, 4D, F0, 83, 4D, FC, FF, E8, 58, 08, 00, 00, E8, 3D, 45, 06, 00, C3, 6A, 08, B8, B3, 1F, 4C, 00, E8, 62, 45, 06, 00, 8B, F1, 89, 75, F0, 83, 65, FC, 00, 8D, 4E, 08, 89, 4D, EC, C6, 45, FC, 00, E8, 2E, 08, 00, 00, 83, 4D, FC, FF, 89, 75, EC, 83, 4D, FC... 
[+]

Entropy:

6.3172

Code size:

932.5 KB (954,880 bytes)

The file nsbf4ee.tmp has been seen being distributed by the following 2 URLs.

https://jbb3tevuxy-c7q8a7h8.netdna-ssl.com/.../braieftpoibf_ftpbl_setup.exe

https://jbb3tevuxy-c7q8a7h8.netdna-ssl.com/.../braieftpdoibf_ftpbl_setup.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-54-230-50-78.jfk5.r.cloudfront.net (54.230.50.78:80)

TCP (HTTP):

Connects to server-54-230-39-62.jfk1.r.cloudfront.net (54.230.39.62:80)

TCP (HTTP):

Connects to server-54-230-39-201.jfk1.r.cloudfront.net (54.230.39.201:80)

TCP (HTTP):

Connects to server-54-230-39-200.jfk1.r.cloudfront.net (54.230.39.200:80)

TCP (HTTP):

Connects to server-54-230-39-188.jfk1.r.cloudfront.net (54.230.39.188:80)

TCP (HTTP):

Connects to server-54-230-38-37.jfk1.r.cloudfront.net (54.230.38.37:80)

TCP (HTTP):

Connects to server-54-230-38-152.jfk1.r.cloudfront.net (54.230.38.152:80)

TCP (HTTP):

Connects to server-54-192-38-66.jfk1.r.cloudfront.net (54.192.38.66:80)

TCP (HTTP):

Connects to server-54-192-38-61.jfk1.r.cloudfront.net (54.192.38.61:80)

TCP (HTTP):

Connects to server-54-192-36-131.jfk1.r.cloudfront.net (54.192.36.131:80)

TCP (HTTP):

Connects to server-205-251-251-72.jfk5.r.cloudfront.net (205.251.251.72:80)

TCP (HTTP):

Connects to server-205-251-251-69.jfk5.r.cloudfront.net (205.251.251.69:80)

TCP (HTTP):

Connects to server-205-251-251-28.jfk5.r.cloudfront.net (205.251.251.28:80)

TCP (HTTP):

Connects to server-205-251-251-241.jfk5.r.cloudfront.net (205.251.251.241:80)

TCP (HTTP):

Connects to server-205-251-251-24.jfk5.r.cloudfront.net (205.251.251.24:80)

TCP (HTTP):

Connects to server-205-251-251-217.jfk5.r.cloudfront.net (205.251.251.217:80)

TCP (HTTP):

Connects to server-205-251-251-206.jfk5.r.cloudfront.net (205.251.251.206:80)

TCP (HTTP):

Connects to server-205-251-251-203.jfk5.r.cloudfront.net (205.251.251.203:80)

TCP (HTTP):

Connects to server-205-251-251-125.jfk5.r.cloudfront.net (205.251.251.125:80)

TCP (HTTP):

Connects to server-205-251-251-121.jfk5.r.cloudfront.net (205.251.251.121:80)

Remove nsbf4ee.tmp - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.