nssm.exe

NSSM 32-bit

The executable nssm.exe, “The non-sucking service manager”, has been detected as malware by 14 anti-virus scanners. It runs as a separate Windows service (within the context of its own process) named “PPOB Bukopin”. The file is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download.

Product:
NSSM 32-bit

Description:
The non-sucking service manager

Version:
2.24

MD5:
562202216972398973d008201682233d

SHA-1:
548eba9213b1d5b74df061ab755bda3d4cfb56b9

SHA-256:
dec9092d4cb51df609be369154c2f071ec327bacfac013358eea45b514870646

Scanner detections:
14 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/25/2024 1:27:56 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Sality.2.OE | 5691347 |
| avast! | Win32:Kukacka | 160127-1 |
| AVG | Win32/Tanatos.J | 2015.0.4477 |
| Clam AntiVirus | W32.Sality-27 | 0.98/21328 |
| Dr.Web | Win32.Sector.5 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality.2.OE | 10.0.0.5366 |
| ESET NOD32 | Win32/Sality.NAO virus | 7.0.302.0 |
| F-Prot | W32/Sality.AJ | 4.6.5.141 |
| F-Secure | Win32.Sality.2.OE | 5.15.21 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Virus.W32/Sality.gen | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.5033.0 |
| Norman | Win32.Sality.2.OE | 11.01.2016 17:30:26 |
| Sophos | Virus 'W32/Sality-AM' | 5.22 |

File size:
348 KB (356,352 bytes)

Product version:
2.24

Copyright:
Public Domain; Author Iain Patterson 2003-2014

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ppob bukopin\nssm.exe

File PE Metadata
Compilation timestamp:
8/31/2014 10:34:44 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
6144:uBULviqYnI3QA7JTXRnZSHL2GZbkq/TZgLgst2rDkXNBwPVxkB+57:SqBlq/TZgUsxXNBEVxkBa

Entry address:
0x13E53

Entry point:
60, 6A, 00, FF, 15, B4, D1, 41, 00, E8, 00, 00, 00, 00, 33, F3, FE, CA, EB, 01, 9C, 8B, F5, 58, 81, C0, 28, 5B, EE, 00, C6, C7, B2, F6, C1, C2, D2, DF, 81, E8, 89, D9, EA, 00, 0F, CA, F7, C2, A7, CE, 59, B8, 81, F3, 29, 48, EB, 02, 50, 81, C0, 4D, 04, 00, 00, D2, DF, F6, C1, 22, 1A, FA, 81, C0, CB, 10, 00, 00, 0A, D0, D1, E1, 13, CD, 81, E8, 02, 04, 00, 00, 87, CB, 89, E9, 13, CD, 50, 81, E8, 98, 42, 8D, 01, 0F, C9, F7, C2, 67, 8E, 19, 78, BB, E9, 08, AB, C2, 81, C0, 82, 31, 8D, 01, 8D, 2D, D2, 4D, DC, 2F...
 

Entropy:
6.1664

Code size:
111.5 KB (114,176 bytes)

Service
Display name:
PPOB Bukopin

Type:
Win32OwnProcess

