knsu85bd.tmpfs

The file knsu85bd.tmpfs has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a Windows service named “Icon Charger”, hosted in its own separate process.
MD5:
d2aabbd3785cfef31e46c4e461fa854f

SHA-1:
edae4f9b7af18a0257bc8c0c26168ef2bf94dd52

SHA-256:
25f0812edb3c676537d9b03aeb0848f73749ffc81a125d5f28775fd270381ed4

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 2:04:16 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.ConvertAd | 4.0.3.1591
ESET NOD32 | Win32/Adware.ConvertAd.YE (variant) | 9.12184
Reason Heuristics | Adware.ConvertAd.Meta (M) | 15.12.25.22

File size:
723.5 KB (740,864 bytes)

Common path:
C:\Program Files\e4fd0cb0-1441123864-e411-a26a-f0761ca007c7\knsu85bd.tmpfs

File PE Metadata
Compilation timestamp:
9/1/2015 5:55:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:f7PkJPB/kJ+XLktOII3L/ICvqMIXGiUnRlLfRlxC7ueb9DA+dJLXpNWwEJxVJHwZ:TsJPB+mLkQIM/TvqMIXGisRF1+b9DAky

Entry address:
0x6E579

Entry point:
E8, 8A, 99, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, D4, 4E, 49, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 7C, 41, 49, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 55, 08, 56, 57, 85, D2, 74, 07, 8B, 7D, 0C, 85, FF, 75, 13, E8, 10, 16, 00, 00, 6A, 16, 5E, 89, 30, E8, 7B, 15, 00, 00, 8B, C6, EB, 33, 8B, 45...
 
Entropy:
6.7251

Code size:
586 KB (600,064 bytes)

Service
Display name:
Icon Charger

Service name:
nujesecu

Description:
Line TV

Type:
Win32OwnProcess

