home

nsr5979.tmp

4981_cmi_mystartsearch

Thinknice Co., Limited

The file nsr5979.tmp by Thinknice Co., Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
7th  (signed by Thinknice Co., Limited)

Product:
4981_cmi_mystartsearch

Description:
7th

Version:
7,0,0,2852

MD5:
db22e4ac8926e45b2aa43534667558f9

SHA-1:
e6be994acf7033f49259923a38b70035be627216

SHA-256:
07bc7abc172ed6df8b55ac76acf749472bf34b81e298ff107d46da38bc9a616b

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/27/2024 5:51:53 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Thinknice.ThinkniceCo (M)
15.10.19.21

File size:
263.6 KB (269,944 bytes)

Product version:
7,0,0,2852

Copyright:
7th

Original file name:
7th

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\nsr5979.tmp

Digital Signature
Signed by:
Thinknice Co., Limited

Authority:
GlobalSign nv-sa

Valid from:
10/16/2015 9:56:46 AM

Valid to:
10/21/2015 9:26:52 AM

Subject:
CN="Thinknice Co., Limited", O="Thinknice Co., Limited", L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A999331F30FB5D6CFEB452D062BE7BA5

File PE Metadata
Compilation timestamp:
10/19/2015 8:46:54 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:CFPJjuzADwMKtQDPDWiqt1fKkBKKUK12/Oc+cTaJGxkxG/X:CDjuzAZFDC71LNUo2l+G

Entry address:
0x17D44

Entry point:
EC, 2B, F8, 74, 16, 33, C9, 85, FF, 0F, 9F, C1, 8D, 0C, 4D, FF, FF, FF, FF, 85, C9, 0F, 85, B5, 02, 00, 00, 0F, B6, 7E, ED, 0F, B6, 42, ED, 2B, F8, 74, 16, 33, C9, 85, FF, 0F, 9F, C1, 8D, 0C, 4D, FF, FF, FF, FF, 85, C9, 0F, 85, 93, 02, 00, 00, 0F, B6, 7E, EE, 0F, B6, 42, EE, 2B, F8, 74, 16, 33, C9, 85, FF, 0F, 9F, C1, 8D, 0C, 4D, FF, FF, FF, FF, 85, C9, 0F, 85, 71, 02, 00, 00, 0F, B6, 4E, EF, 0F, B6, 42, EF, 2B, C8, 74, 12, 33, C0, 85, C9, 0F, 9F, C0, 8D, 0C, 45, FF, FF, FF, FF, EB, 02, 33, C9, 85, C9, 0F...
 
[+]

Code size:
188 KB (192,512 bytes)

Remove nsr5979.tmp - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.