nsla88d.tmp

The file nsla88d.tmp has been detected as a potentially unwanted program by 12 anti-malware scanners. The file has been seen being downloaded from d24u51ac8ybaqu.cloudfront.net. While running, it connects to the Internet address server-54-230-55-104.jfk6.r.cloudfront.net on port 443.
MD5:
98879bf809f6237992c8c417fa8f4255

SHA-1:
73db66cdc242c1803617e5542a8a7bcbadc6ec5a

SHA-256:
7520306f060667114c941d8ad0621af95b78852334f280c80a1aea01e4a75dd2

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
11/24/2024 12:03:20 PM UTC

Scan engine             Detection                   Engine version
Lavasoft Ad-Aware       Gen:Variant.Mikey.28503     429
AhnLab V3 Security      PUP/Win32.CrossRider        2015.12.03
Avira AntiVirus         TR/Taranis.399              8.3.2.4
Arcabit                 Trojan.Mikey.D6F57          1.0.0.628
Bitdefender             Gen:Variant.Mikey.28503     1.0.20.1685
Emsisoft Anti-Malware   Gen:Variant.Mikey.28503     8.15.12.03.11
F-Secure                Gen:Variant.Mikey.28503     11.2015-03-12_5
G Data                  Gen:Variant.Mikey.28503     15.12.25
Malwarebytes            Trojan.Agent                v2015.12.03.11
MicroWorld eScan        Gen:Variant.Mikey.28503     16.0.0.1011
Panda Antivirus         Trj/Genetic.gen             15.12.03.11
Qihoo 360 Security      HEUR/QVM08.0.Malware.Gen    1.0.0.1077

File size:
10 KB (10,240 bytes)

Common path:
C:\users\{user}\appdata\local\temp\nsla88d.tmp

File PE Metadata
Compilation timestamp:
12/2/2015 11:04:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
192:eKMEjoePfsbxXPXGU58XFHCDD+ar496AJH:zhjoeHsqhoV0YAJH

Entry address:
0x1000

Entry point:
6A, 70, 68, 38, 23, 40, 00, E8, F8, 01, 00, 00, 33, DB, 89, 5D, FC, 8D, 45, 80, 50, FF, 15, 00, 20, 40, 00, 83, CF, FF, 89, 7D, FC, 66, 81, 3D, 00, 00, 40, 00, 4D, 5A, 75, 28, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, 17, 0F, B7, 88, 18, 00, 40, 00, 81, F9, 0B, 01, 00, 00, 74, 20, 81, F9, 0B, 02, 00, 00, 74, 05, 89, 5D, E4, EB, 2A, 83, B8, 84, 00, 40, 00, 0E, 76, F2, 33, C9, 39, 98, F8, 00, 40, 00, EB, 11, 83, B8, 74, 00, 40, 00, 0E, 76, DF, 33, C9, 39, 98, E8, 00, 40, 00, 0F, 95, C1...

Entropy:
4.9295

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
3 KB (3,072 bytes)

The file nsla88d.tmp has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to server-54-230-55-104.jfk6.r.cloudfront.net (54.230.55.104:443)

TCP (HTTP SSL):
Connects to server-54-230-38-177.jfk1.r.cloudfront.net (54.230.38.177:443)

Powered by Reason Core Security