nsw84c.tmp

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from livestatscounter.com.
MD5:
07ec5ac5a94125311b3fefa863c0bce4

SHA-1:
57e2b47f03f2268e9b3b98618fbf4989472c34eb

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/23/2024 10:40:55 PM UTC  (today)

Scan engine
Detection
Engine version

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1077

SUPERAntiSpyware
Trojan.Agent/Gen-Zbot
9468

File size:
123.6 KB (126,570 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\nsw84c.tmp

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:egXdZt9P6D3XJwM4EDDuO8fhn5VfLeu2/9X/BPNoTRZle:ee34zJDDqhn5Y/9vBPiRZle

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.7787

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file nsw84c.tmp has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to server-204-246-169-90.jfk1.r.cloudfront.net  (204.246.169.90:443)

Scan nsw84c.tmp - Powered by Reason Core Security