nsraf27.exe

The application nsraf27.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. While running, it connects to the Internet address cache.google.com on port 80 using the HTTP protocol.
MD5:
4d8586cfb4f53a149745d1e6b53d36c7

SHA-1:
b69e3036d7131bf3e3eabaf6cfe54758c9d70cf0

SHA-256:
0a4f8f284e9df2d2d7a2d84dd54cc38be11534549f408c713a2b8192c59e25d7

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 8:25:46 PM UTC  (today)

Scan engine
Detection
Engine version

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.267537
10.0.0.5366

ESET NOD32
Win32/Toolbar.Linkury.AS potentially unwanted application
8.0.319.0

F-Secure
Variant.Adware.Graftor
5.15.21

Norman
Gen:Variant.Adware.Graftor.267537
19.02.2016 10:08:15

File size:
516 KB (528,384 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\temp\nsraf27.exe

File PE Metadata
Compilation timestamp:
2/20/2016 10:34:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:YJ66h6w8c8WwBir0emtsMgu+yYXZkqCbiS:W6id8fmMguCXC9

Entry address:
0x7789

Entry point:
E8, 07, 3F, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, FF, 15, 54, 60, 41, 00, 6A, 01, A3, E4, F7, 41, 00, E8, F7, 43, 00, 00, FF, 75, 08, E8, 8C, 43, 00, 00, 83, 3D, E4, F7, 41, 00, 00, 59, 59, 75, 08, 6A, 01, E8, DD, 43, 00, 00, 59, 68, 09, 04, 00, C0, E8, 5A, 43, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 66, C3, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, C8, F5, 41, 00, 89, 0D, C4, F5, 41, 00, 89, 15, C0, F5, 41, 00, 89, 1D, BC, F5, 41, 00, 89, 35, B8, F5, 41, 00, 89, 3D, B4...
 
[+]

Code size:
81 KB (82,944 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cache.google.com  (80.233.168.121:80)

TCP (HTTP):
Connects to blob.ch3prdstr06a.store.core.windows.net  (23.98.55.152:80)

TCP (HTTP):
Connects to ec2-50-16-208-14.compute-1.amazonaws.com  (50.16.208.14:80)

TCP (HTTP):
Connects to a212-93-100-211.deploy.akamaitechnologies.com  (212.93.100.211:80)

TCP (HTTP):
Connects to rumo02.proinity.net  (194.63.141.18:80)

TCP (HTTP):
Connects to ec2-54-75-254-29.eu-west-1.compute.amazonaws.com  (54.75.254.29:80)

TCP (HTTP):
Connects to ec2-54-228-185-110.eu-west-1.compute.amazonaws.com  (54.228.185.110:80)

TCP (HTTP):
Connects to ec2-52-5-48-152.compute-1.amazonaws.com  (52.5.48.152:80)

TCP (HTTP):
Connects to ec2-184-72-255-181.compute-1.amazonaws.com  (184.72.255.181:80)

TCP (HTTP):
Connects to dis.criteo.com  (178.250.2.76:80)

TCP (HTTP):
Connects to cas.criteo.com  (178.250.2.71:80)

TCP (HTTP):
Connects to 94.31.29.64.IPYX-077437-ZYO.above.net  (94.31.29.64:80)

Remove nsraf27.exe - Powered by Reason Core Security