home

n7xmo.exe

Blue Box Sun

GFI Software (Florida) Inc.

The executable n7xmo.exe has been detected as malware by 16 anti-virus scanners.
Publisher:
GFI Software (Florida) Inc.  (signed and verified)

Product:
Blue Box Sun

Version:
8.00.0002

MD5:
a6f464bceae4ec3470ac375a95c76347

SHA-1:
745670972aa06860e2b4950de0f16648f5841b65

SHA-256:
11dee894782692a4d03f80e2159cdc8196b36af2e12104caaf78387804dd71c9

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
4/19/2024 2:40:22 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.531956
378

Avira AntiVirus
TR/Dropper.VB.26675
7.11.200.102

avast!
Win32:Dropper-gen [Drp]
2014.9-160123

AVG
Inject2
2017.0.2856

Baidu Antivirus
Trojan.Win32.Injector
4.0.3.16123

Bitdefender
Gen:Variant.Kazy.531956
1.0.20.115

Dr.Web
Trojan.Siggen6.23087
9.0.1.023

Emsisoft Anti-Malware
Gen:Variant.Kazy.531956
8.16.01.23.11

ESET NOD32
Win32/Injector.BSLU (variant)
10.10989

F-Secure
Gen:Variant.Kazy.531956
11.2016-23-01_7

G Data
Gen:Variant.Kazy.531956
16.1.24

Malwarebytes
Trojan.EDVBGen
v2016.01.23.11

McAfee
RDN/Generic.grp!hu
5600.6512

MicroWorld eScan
Gen:Variant.Kazy.531956
17.0.0.69

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1015

Sophos
Mal/Generic-S
4.98

File size:
205.9 KB (210,824 bytes)

Product version:
8.00.0002

Copyright:
Blue Box Sun

Trademarks:
Blue Box Sun

Original file name:
Bluesun.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\n7xmo.exe

Digital Signature
Signed by:
GFI Software (Florida) Inc.

Authority:
VeriSign, Inc.

Valid from:
1/25/2012 5:00:00 PM

Valid to:
1/25/2015 4:59:59 PM

Subject:
CN=GFI Software (Florida) Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=GFI Software (Florida) Inc., L=Clearwater, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
54323DBF4B8E5CFDD565697A3B7EBDDA

File PE Metadata
Compilation timestamp:
11/15/2014 4:12:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:Nu8D/l1jiHNQAOEGwurkX2P2NstEZxPbgnB0HMys/fjLi:Q8DDmGzJ47hzAB2Mys3i

Entry address:
0x11F0

Entry point:
68, 28, DF, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 66, 1F, F7, 59, 76, 24, 6F, 48, 9C, A5, 0A, 41, FA, D9, D2, AD, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 65, 02, 83, 00, 00, 00, 43, 68, 6F, 72, 67, 69, 74, 74, 65, 72, 00, 00, F0, 07, 41, 00, 00, 00, 00, 00, FF, CC, 31, 00, 05, 9E, 80, 46, 2B, 6D, 9D, DF, 40, B1, 3D, 63, 8A, 1A, 71, 2D, 62, 6F, B9, D6, 96, FC, 84, DB, 48, B5, 25, 66, 00, 21, AA, 7C, 6B, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
[+]

Entropy:
6.4283

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
184 KB (188,416 bytes)

Remove n7xmo.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.