nsbf4ee.tmp

The file nsbf4ee.tmp has been detected as malware by 13 anti-virus scanners. The file has been seen being downloaded from jbb3tevuxy-c7q8a7h8.netdna-ssl.com and multiple other hosts. While running, it connects to the Internet address server-54-230-39-201.jfk1.r.cloudfront.net on port 80 using the HTTP protocol.
Version:
2.11.0.999

MD5:
e13703c3f3cb9c8b93c01a725050857f

SHA-1:
3a5cbfee4838150bf06cac6c98be979bab502156

SHA-256:
bcd97fa14d5e8f848b99babd0180895cb61274dc521cae4c00e71a3a56fdf428

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
12/26/2024 5:51:01 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.740760 | 462
Arcabit | Trojan.Kazy.DB4D98 | 1.0.0.576
Bitdefender | Gen:Variant.Kazy.740760 | 1.0.20.1520
Emsisoft Anti-Malware | Gen:Variant.Kazy.740760 | 8.15.10.31.07
Fortinet FortiGate | W32/Agent.BJPQXV!tr | 10/31/2015
F-Secure | Gen:Variant.Kazy.740760 | 11.2015-31-10_7
G Data | Gen:Variant.Kazy.740760 | 15.10.25
Kaspersky | Trojan-Dropper.Win32.Agent.bjpqxv | 14.0.0.1193
McAfee | Artemis!E13703C3F3CB | 5600.6596
MicroWorld eScan | Gen:Variant.Kazy.740760 | 16.0.0.912
Panda Antivirus | Generic Suspicious | 15.10.31.07
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | Threat.Win.Reputation.IMP | 15.11.6.15

File size:
1.4 MB (1,450,496 bytes)

Product version:
2.11.0.999

Copyright:
Copyright (C) 2014

Language:
English

Common path:
C:\users\{user}\appdata\local\temp\nsbf4ee.tmp

File PE Metadata
Compilation timestamp:
9/28/2015 7:19:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

CTPH (ssdeep):
24576:T70cRjANxewULkEQxAtq9uMha8VorgRFdHlwz9O8tjYAjyoovSPoRiHdB7rsMj:sDlULkEQxA09uMhMgNvWYxZvKHdB7rsg

Entry address:
0x47680

Entry point:
E8, 57, 0C, 07, 00, E9, 37, 3C, 06, 00, 55, 8B, EC, 8B, 4D, 08, 85, C9, 75, 15, E8, 44, 67, 06, 00, C7, 00, 16, 00, 00, 00, E8, CA, B3, 06, 00, 6A, 16, 58, 5D, C3, A1, 48, 17, 54, 00, 89, 01, 33, C0, 5D, C3, 6A, 04, B8, 1D, 1E, 4C, 00, E8, 80, 45, 06, 00, 89, 4D, F0, 83, 4D, FC, FF, E8, 58, 08, 00, 00, E8, 3D, 45, 06, 00, C3, 6A, 08, B8, B3, 1F, 4C, 00, E8, 62, 45, 06, 00, 8B, F1, 89, 75, F0, 83, 65, FC, 00, 8D, 4E, 08, 89, 4D, EC, C6, 45, FC, 00, E8, 2E, 08, 00, 00, 83, 4D, FC, FF, 89, 75, EC, 83, 4D, FC...

Entropy:
6.3172

Code size:
932.5 KB (954,880 bytes)

The file nsbf4ee.tmp has been seen distributed from the following 2 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-50-78.jfk5.r.cloudfront.net  (54.230.50.78:80)

TCP (HTTP):
Connects to server-54-230-39-62.jfk1.r.cloudfront.net  (54.230.39.62:80)

TCP (HTTP):
Connects to server-54-230-39-201.jfk1.r.cloudfront.net  (54.230.39.201:80)

TCP (HTTP):
Connects to server-54-230-39-200.jfk1.r.cloudfront.net  (54.230.39.200:80)

TCP (HTTP):
Connects to server-54-230-39-188.jfk1.r.cloudfront.net  (54.230.39.188:80)

TCP (HTTP):
Connects to server-54-230-38-37.jfk1.r.cloudfront.net  (54.230.38.37:80)

TCP (HTTP):
Connects to server-54-230-38-152.jfk1.r.cloudfront.net  (54.230.38.152:80)

TCP (HTTP):
Connects to server-54-192-38-66.jfk1.r.cloudfront.net  (54.192.38.66:80)

TCP (HTTP):
Connects to server-54-192-38-61.jfk1.r.cloudfront.net  (54.192.38.61:80)

TCP (HTTP):
Connects to server-54-192-36-131.jfk1.r.cloudfront.net  (54.192.36.131:80)

TCP (HTTP):
Connects to server-205-251-251-72.jfk5.r.cloudfront.net  (205.251.251.72:80)

TCP (HTTP):
Connects to server-205-251-251-69.jfk5.r.cloudfront.net  (205.251.251.69:80)

TCP (HTTP):
Connects to server-205-251-251-28.jfk5.r.cloudfront.net  (205.251.251.28:80)

TCP (HTTP):
Connects to server-205-251-251-241.jfk5.r.cloudfront.net  (205.251.251.241:80)

TCP (HTTP):
Connects to server-205-251-251-24.jfk5.r.cloudfront.net  (205.251.251.24:80)

TCP (HTTP):
Connects to server-205-251-251-217.jfk5.r.cloudfront.net  (205.251.251.217:80)

TCP (HTTP):
Connects to server-205-251-251-206.jfk5.r.cloudfront.net  (205.251.251.206:80)

TCP (HTTP):
Connects to server-205-251-251-203.jfk5.r.cloudfront.net  (205.251.251.203:80)

TCP (HTTP):
Connects to server-205-251-251-125.jfk5.r.cloudfront.net  (205.251.251.125:80)

TCP (HTTP):
Connects to server-205-251-251-121.jfk5.r.cloudfront.net  (205.251.251.121:80)
