nsu731d.tmp

Compete Inc

The file nsu731d.tmp by Compete Inc has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from securehost-2.com. While running, it connects to the Internet address mail.reconart.com on port 443.
Publisher:
Compete Inc  (signed and verified)

Version:
3.2.4.4265

MD5:
fba9f8238c551c871c2826d1d161281f

SHA-1:
95febda33bf31b288176bb184a346c76ad7621a4

SHA-256:
c2f2f8310a97128390506057158618c68ca6ae11d52e086ceeb682215714f8c7

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 6:47:42 PM UTC

Scan engine          Detection                   Engine version
Reason Heuristics    Threat.Installer.Compete    15.4.21.20
VIPRE Antivirus      Compete                     39562

File size:
1.8 MB (1,842,872 bytes)

Product version:
3.2.4.4265

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\nsu731d.tmp

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
12/21/2014 7:00:00 PM

Valid to:
3/22/2018 7:59:59 PM

Subject:
CN=Compete Inc, O=Compete Inc, L=Boston, S=Massachusetts, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0A6DDD60D9E6C4FAA56565923F8669C2

File PE Metadata
Compilation timestamp:
9/26/2011 9:21:38 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:E6Sul3Ha/MFEXzTiOGsf/wlD7rFb5Xs0GNYzUbMFE3rTROdXdmcJ6vSMJxVt+l26:XZP2Es3wJ9b5eYV2aXLJlSrE

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Entropy:
7.9838

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file nsu731d.tmp has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to mail.reconart.com  (199.79.48.60:443)
