» nsinstall.exe
Overview
Analysis
File Details

nsinstall.exe

Gemius S.A.

The application nsinstall.exe by Gemius S.A has been detected as a potentially unwanted program by 20 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.

File name:

nsinstall.exe

Publisher:

Gemius S.A. (signed and verified)

MD5:

a312bbe16006425e044aef6d5f8ec3dc

SHA-1:

318cd082efb41906c0de9ec505cd3cd8abc79c16

SHA-256:

b9f43c4f7be178d5cf6e5f97d8e1cf1d7d6cb6e9821c0b46977079df1cad9357

Scanner detections:

20 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 7:18:44 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Adware.BHO

7.1.1

Avira AntiVirus

ADWARE/Adware.Gen

7.11.30.172

avast!

Win32:PUP-gen [PUP]

2014.9-150113

Clam AntiVirus

Adware.BHO-217

0.98/19915

Comodo Security

UnclassifiedMalware

20692

Dr.Web

Threat.Undefined

9.0.1.05190

ESET NOD32

Win32/Trackware.Gemius potentially unwanted application

7.0.302.0

Fortinet FortiGate

Riskware/PUP

1/13/2015

F-Prot

W32/Adware.AAJD (exact, not disinfectable)

4.6.5.141

G Data

Win32.Trojan.Agent.GHUJ40

15.1.24

K7 AntiVirus

Trojan

13.191.14617

McAfee

Program.Generic PUP.g

16.8.708.2

NANO AntiVirus

Riskware.Win32.NetPanel.dacszh

0.30.0.64448

Reason Heuristics

PUP.GemiusSA

15.3.1.15

Rising Antivirus

PE:Trojan.Win32.Generic.11E62AD4!300296916

23.00.65.15111

Total Defense

Win32/Trackware.Gemius_dc

37.0.11383

Trend Micro House Call

ADW_BHO

7.2.13

Trend Micro

ADW_BHO

10.465.13

Vba32 AntiVirus

Riskware.NetPanel

3.12.26.3

VIPRE Antivirus

Threat.4150696

36468

File size:

433 KB (443,392 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\nsinstall.exe

Digital Signature

Signed by:

Gemius S.A.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

1/27/2009 1:00:00 AM

Valid to:

1/28/2010 12:59:59 AM

Subject:

CN=Gemius S.A., O=Gemius S.A., L=Warszawa, S=mazowieckie, C=PL

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

7125A406F95E708C6C6B6DF1A2AD9F4D

File PE Metadata

Compilation timestamp:

1/14/2003 9:27:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.0

CTPH (ssdeep):

12288:K8CmuoAkvFqV4yawdCzKr/hNHmXtcOnY2P5TkbmZNqlS:K8PzAkvFqbIebmOOtBTkCvqw

Entry address:

0x1F150

Entry point:

60, BE, 00, 50, 41, 00, 8D, BE, 00, C0, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75... 
[+]

Packer / compiler:

UPX 2.90LZMA

Code size:

44 KB (45,056 bytes)

Remove nsinstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.