home

nengine.dll

nengine

NewNextDotMe

The module nengine.dll, “NewNext Helper Engine” has been detected as adware by 39 anti-malware scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
NewNextDotMe

Product:
nengine

Description:
NewNext Helper Engine

Version:
0.3.2.0

MD5:
fa6f66f76808dbc5636a68b44b37adb3

SHA-1:
aed3140edcd32c610d8b96865fc2e7b9ab63c4a1

SHA-256:
928900db0c080d8dc11298f710fe2699b1813ea83cbe73c8894ab3cd2802b567

Scanner detections:
39 / 68

Status:
Adware

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/25/2024 2:54:03 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.NewNextMe.A
911

Agnitum Outpost
Win32.Nimnul.Gen.2
7.1.1

AhnLab V3 Security
Win32/Ramnit.J
2014.08.08

Avira AntiVirus
W32/Ramnit.C
7.11.30.172

avast!
Win32:RmnDrp
2014.9-140807

AVG
Win32/Zbot.G
2015.0.3389

Baidu Antivirus
Virus.Win32.Nimnul.$a
4.0.3.1487

Bitdefender
Adware.NewNextMe.A
1.0.20.1095

Bkav FE
W32.Tmgrtext.PE
1.3.0.4959

Clam AntiVirus
W32.Ramnit-1
0.98/19265

Comodo Security
Virus.Win32.Ramnit.K
19119

Dr.Web
Adware.NextLive.1, Win32.Rmnet.8
9.0.1.0219

Emsisoft Anti-Malware
Adware.NewNextMe
8.14.08.07.10

ESET NOD32
Win32/Ramnit.H virus
8.7.0.302.0

Fortinet FortiGate
W32/Ramnit.C
8/7/2014

F-Prot
W32/Ramnit.E
v6.4.6.5.141

F-Secure
Adware.NewNextMe.A
11.2014-07-08_5

G Data
Adware.NewNextMe
14.8.24

IKARUS anti.virus
AdWare.NewNextMe
t3scan.1.6.1.0

K7 AntiVirus
Virus
13.183.12981

Kaspersky
Virus.Win32.Nimnul
14.0.0.3440

Malwarebytes
Virus.Ramnit
v2014.08.07.10

McAfee
W32/Ramnit.a
5600.7045

Microsoft Security Essentials
Threat.Undefined
1.179.2322.0

MicroWorld eScan
Adware.NewNextMe.A
15.0.0.657

NANO AntiVirus
Virus.Win32.Nimnul.bmnup
0.28.2.61349

nProtect
Virus/W32.SpyEye
14.08.07.01

Panda Antivirus
W32/Nimnul.A
14.08.07.10

Qihoo 360 Security
Virus.Win32.Ramnit.A
1.0.0.1015

Quick Heal
W32.Ramnit.A
8.14.14.00

Reason Heuristics
PUP.NewNextDotMe.H
14.8.7.17

Rising Antivirus
PE:Win32.Mgr.b!1594784
23.00.65.14805

Sophos
W32/Ramnit-A
4.98

Total Defense
Win32/Ramnit.C
37.0.11105

Trend Micro House Call
PE_RAMNIT.DEN
7.2.219

Trend Micro
PE_RAMNIT.DEN
10.465.07

Vba32 AntiVirus
Virus.Win32.Nimnul.b
3.12.26.3

VIPRE Antivirus
Threat.4732184
31208

ViRobot
Win32.Nimnul.A
2011.4.7.4223

File size:
1.6 MB (1,650,081 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2013

Original file name:
nengine.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\newnext.me\nengine.dll

File PE Metadata
Compilation timestamp:
11/14/2013 8:23:18 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:EObe3zvVLVGI7FCMR5F3pmMHxCBICXDrENrMX9sG34vfnT+uxjut9/:nq3DpzmEKcrMXB4vfnicw9/

Entry address:
0x151000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, CE, B2, 01, 20, 2B, 85, 35, BA, 01, 20, 89, 85, 31, BA, 01, 20, B0, 00, 86, 85, 66, BC, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, 61, BB, 01, 20, 00, 74, 33, 83, BD, 65, BB, 01, 20, 00, 74, 2A, 8B, 85, 31, BA, 01, 20, 2B, 85, 61, BB, 01, 20, 8B, 00, 89, 85, 9E, BB, 01, 20, 8B, 85, 31, BA, 01, 20, 2B, 85, 65, BB, 01, 20, 8B, 00, 89, 85, A2, BB, 01, 20, EB, 61, 83, BD, 69, BB, 01, 20, 00, 74, 58, 8B, 85, 31, BA, 01, 20, 2B, 85, 69, BB, 01, 20, FF, 30, 8D, 85...
 
[+]

Entropy:
6.9701

Packer / compiler:
ASPack v1.08.04

Code size:
981.5 KB (1,005,056 bytes)

Remove nengine.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.