cnsced32.tmp

The file cnsced32.tmp has been detected as a potentially unwanted program by 19 anti-malware scanners. It runs as a Windows service named “File Callout”, hosted in its own separate process. The file has been seen being downloaded from d2htwdv930b0cg.cloudfront.net.
MD5:
1f8ff7c02e390cd95defda59c75606ad

SHA-1:
4d76c7649e54367c9b611ef9dd6acf502e77ffaf

SHA-256:
ecc210f165d28632938524bef294d4887211bcdee7c213dcd5f469bb9559f6f7

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
4/27/2024 2:31:06 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Mikey.11188 | 636 |
| Agnitum Outpost | PUA.ConvertAd | 7.1.1 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-150509 |
| AVG | Generic6 | 2016.0.3114 |
| Bitdefender | Gen:Variant.Mikey.11188 | 1.0.20.645 |
| Comodo Security | ApplicUnwnt | 21969 |
| Dr.Web | Adware.ClickMeIn.1035 | 9.0.1.0129 |
| Emsisoft Anti-Malware | Gen:Variant.Mikey.11188 | 8.15.05.09.05 |
| ESET NOD32 | Win32/Adware.ConvertAd.GE (variant) | 9.11563 |
| Fortinet FortiGate | Riskware/ConvertAd | 5/9/2015 |
| G Data | Gen:Variant.Mikey.11188 | 15.5.25 |
| K7 AntiVirus | Adware | 13.203.15779 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.2066 |
| MicroWorld eScan | Gen:Variant.Mikey.11188 | 16.0.0.387 |
| NANO AntiVirus | Riskware.Win32.ClickMeIn.dqypzw | 0.30.24.1357 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.5.9.13 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39870 |
| ViRobot | Trojan.Win32.S.Agent.162816.CD[h] | 2014.3.20.0 |
| Zillya! Antivirus | Adware.ConvertAd.Win32.406 | 2.0.0.2164 |

File size:
159 KB (162,816 bytes)

Common path:
C:\users\{user}\appdata\local\4ab08320-1428679896-81e2-344d-7c05078e024a\cnsced32.tmp

File PE Metadata
Compilation timestamp:
4/10/2015 10:43:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:gUlYxjfztZrwyV/GcNFvffsdQ1dd45ysgs1+1XE97G:3ixjfzTPPvOYwgy9

Entry address:
0xB917

Entry point:
E8, 04, 39, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 55, 08, 56, 57, 85, D2, 74, 07, 8B, 7D, 0C, 85, FF, 75, 13, E8, E3, 3B, 00, 00, 6A, 16, 5E, 89, 30, E8, 4E, 3B, 00, 00, 8B, C6, EB, 33, 8B, 45, 10, 85, C0, 75, 04, 88, 02, EB, E2, 8B, F2, 2B, F0, 8A, 08, 88, 0C, 06, 40, 84, C9, 74, 03, 4F, 75, F3, 85, FF, 75, 11, C6, 02, 00, E8, AD, 3B, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, C6, 33, C0, 5F, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 83, 3D, F4, 76, 42, 00, 00, 75, 18, E8, 1B, 30, 00, 00, 6A, 1E, E8, 65...

Code size:
119.5 KB (122,368 bytes)

Service
Display name:
File Callout

Service name:
kyruwyki

Description:
Justified Feature

Type:
Win32OwnProcess


The file cnsced32.tmp has been seen being distributed by the following URL.
