vnsq431.tmp

The file vnsq431.tmp has been detected as malware by 3 anti-virus scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. Additionally, the file is typically installed by a number of programs, including Remote Desktop Access (VuuPC) by CMI Limited and Eppink by Eppink, both potentially unwanted software. The file has been seen being downloaded from d2vubraihqcany.cloudfront.net.

Description:
install

Version:
1.0.0.0

MD5:
69ab13bcaa2bfbd38f65b9fe44e4ccec

SHA-1:
7b5fae726383dabcbb3b29a968942c825dab4856

SHA-256:
a777ddcbcd58953883a9a8ba556e387e01d657938b26b7e8a01e397f589ee346

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
12/24/2024 1:47:39 AM UTC

Scan engine
Detection
Engine version

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Reason Heuristics
(M)
16.6.17.18

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF
23.00.65.15306

File size:
351.3 KB (359,770 bytes)

Product version:
1.0.0.0

Copyright:
(c) 2014

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Application data\45566840-1425813129-11d7-a71b-00e018e62147\vnsq431.tmp

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:oe34bTv0d2CqePmtMStuLDPkL75+ZPPfnE2Qyn2FEtt2NB6+sejpRgTXChStt2kA:gTv0uePAZtuDMLF+ZPPfnEUnsEWfXseX

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9116

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file vnsq431.tmp has been discovered within the following programs.

Eppink by Eppink
62% remove it
Developed and distributed through bundled installer from Click Me In. The software may be bundled by 3rd-party products using the InstallCore distribution platform.
vuupc.com/terms.html
About 82% of users remove it

The file vnsq431.tmp has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-50-19-251-15.compute-1.amazonaws.com  (50.19.251.15:80)

TCP (HTTP):
Connects to ec2-184-73-245-76.compute-1.amazonaws.com  (184.73.245.76:80)
