nsc2e68.tmp

File Downloader

The file nsc2e68.tmp by File Downloader has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.codec13sudha.com.
Publisher:
File Downloader  (signed and verified)

MD5:
6dca08b1178c08d4cf64c145656c22e4

SHA-1:
7cde6013db22c1cbc5a9be72d52ba9531b61857e

SHA-256:
c51c737f4f9fef735c8e827bc2b9cf288046f82026f09dc1e35ef24bf3f42dbe

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/24/2024 3:24:00 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/Downloader.Gen
7.11.212.36

AVG
AdLoad
2016.0.3180

Dr.Web
Adware.Downware.918
9.0.1.063

G Data
NSIS.Adware.InstallMonetizer
15.3.25

McAfee
Artemis!6DCA08B1178C
5600.6836

NANO AntiVirus
Trojan.Nsis.Downloader.djhpgw
0.30.0.296

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.FileDownloader
15.3.4.15

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF
23.00.65.15302

Trend Micro House Call
Suspicious_GEN.F47V0218
7.2.63

VIPRE Antivirus
InstallMonetizer
37822

File size:
248.9 KB (254,904 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\nsc2e68.tmp

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/9/2014 8:00:00 PM

Valid to:
9/10/2015 7:59:59 PM

Subject:
CN=File Downloader, OU=Weather Ping, O=File Downloader, STREET=5655 Silver Creek Valley Road, L=San Jose, S=CA, PostalCode=95138, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6C4833E98E5E20FEC258194CE08B6826

File PE Metadata
Compilation timestamp:
12/5/2009 5:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:oFJ06SOAnNl4CD7pJ59ECadigTZyt5q2pd5A8Ww4jS:O6bV7pBAdZybJd5A8US

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.8609

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file nsc2e68.tmp has been seen being distributed by the following URL.

Remove nsc2e68.tmp - Powered by Reason Core Security