nsc3179.tmp

The file nsc3179.tmp has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from dl.kiklou.eu.
MD5:
150e1b3e86de818bd4a434d484f60e7f

SHA-1:
e751a644161813025b0e969da1653d30c23f9a94

SHA-256:
4f1308a706ec3ff76b1e759b46e9b61ad91483f299de84ce58a91bf3d2e0fdf8

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 8:05:20 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | Win32/Adware.EoRezo.BD application | 7.0.302.0 |
| Fortinet FortiGate | Adware/Eorezo | 1/14/2016 |
| IKARUS anti.virus | AdWare.Eorezo | t3scan.1.9.5.0 |
| K7 AntiVirus | Adware | 13.212.18233 |
| Kaspersky | not-a-virus:AdWare.Win32.Eorezo | 14.0.0.817 |
| Malwarebytes | Adware.EoRezo | v2016.01.14.12 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.2822.0 |
| NANO AntiVirus | Trojan.InnoSetup.Eorezo.dyqoal | 1.0.14.5317 |
| Panda Antivirus | Generic Suspicious | 16.01.14.12 |
| Sophos | Generic PUA OH (PUA) | 4.98 |
| VIPRE Antivirus | Threat.4739248 | 46426 |

File size:
6.2 MB (6,532,095 bytes)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\temp\nsc3179.tmp

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:qrg/p4S3HHNJXIqTsVIePpLxXktEkxqFsZ:qrWFHNJfvoVyEkxqFs

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file nsc3179.tmp has been seen being distributed by the following URL.
