nsx5108.tmp

The file nsx5108.tmp has been detected as a potentially unwanted program by 11 anti-malware scanners. The file has been seen being downloaded from d24u51ac8ybaqu.cloudfront.net. While running, it connects to the Internet address server-54-192-54-195.jfk6.r.cloudfront.net on port 443.
MD5:
2e96a9f575c105176975b54dbb9549df

SHA-1:
83bfcfe808aed802e3ec237cd5c2906d979bd7e5

SHA-256:
1f3abb41c5cd49928540badfc5f6c3dffb04d34c4bd5681a7104b7dc3d1133eb

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
May modify the web browser's settings, including changing the homepage and search provider, in addition to delivering ads (by injecting banners and text links directly into the webpage).

Analysis date:
12/24/2024 4:53:00 PM UTC

Scan engine              Detection                    Engine version
Lavasoft Ad-Aware        Gen:Variant.Mikey.28503      5694297
AhnLab V3 Security       PUP/Win32.CrossRider         2015.11.30
Arcabit                  Trojan.Mikey.D6F57           1.0.0.624
Bitdefender              Gen:Variant.Mikey.28503      1.0.20.1665
Emsisoft Anti-Malware    Gen:Variant.Mikey.28503      10.0.0.5366
F-Secure                 Gen:Variant.Mikey.28503      5.15.21
G Data                   Gen:Variant.Mikey.28503      15.11.25
MicroWorld eScan         Gen:Variant.Mikey.28503      16.0.0.999
Norman                   Gen:Variant.Mikey.28503      07.10.2015 03:16:12
Panda Antivirus          Trj/Genetic.gen              15.11.29.01
Qihoo 360 Security       HEUR/QVM08.0.Malware.Gen     1.0.0.1077

File size:
10 KB (10,240 bytes)

Common path:
C:\users\{user}\appdata\local\temp\nsx5108.tmp

File PE Metadata
Compilation timestamp:
11/29/2015 6:40:59 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
192:3OgjUeyKsZcIzPXGU5WIdHCDagyirUu6AJO:NjUe9sqXQeyiCAJ

Entry address:
0x1000

Entry point:
6A, 70, 68, 38, 23, 40, 00, E8, F8, 01, 00, 00, 33, DB, 89, 5D, FC, 8D, 45, 80, 50, FF, 15, 00, 20, 40, 00, 83, CF, FF, 89, 7D, FC, 66, 81, 3D, 00, 00, 40, 00, 4D, 5A, 75, 28, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, 17, 0F, B7, 88, 18, 00, 40, 00, 81, F9, 0B, 01, 00, 00, 74, 20, 81, F9, 0B, 02, 00, 00, 74, 05, 89, 5D, E4, EB, 2A, 83, B8, 84, 00, 40, 00, 0E, 76, F2, 33, C9, 39, 98, F8, 00, 40, 00, EB, 11, 83, B8, 74, 00, 40, 00, 0E, 76, DF, 33, C9, 39, 98, E8, 00, 40, 00, 0F, 95, C1...

Entropy:
4.9246

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
3 KB (3,072 bytes)

The file nsx5108.tmp has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL): connects to server-54-230-53-72.jfk6.r.cloudfront.net (54.230.53.72:443)
TCP (HTTP SSL): connects to server-54-230-39-234.jfk1.r.cloudfront.net (54.230.39.234:443)
TCP (HTTP SSL): connects to server-54-230-38-187.jfk1.r.cloudfront.net (54.230.38.187:443)
TCP (HTTP SSL): connects to server-54-230-36-204.jfk1.r.cloudfront.net (54.230.36.204:443)
TCP (HTTP SSL): connects to server-54-192-55-204.jfk6.r.cloudfront.net (54.192.55.204:443)
TCP (HTTP SSL): connects to server-54-192-55-178.jfk6.r.cloudfront.net (54.192.55.178:443)
TCP (HTTP SSL): connects to server-54-192-54-195.jfk6.r.cloudfront.net (54.192.54.195:443)
TCP (HTTP SSL): connects to server-205-251-251-253.jfk5.r.cloudfront.net (205.251.251.253:443)
TCP (HTTP SSL): connects to server-205-251-251-189.jfk5.r.cloudfront.net (205.251.251.189:443)
