» nfsmwpatch1.3-27089203.exe
Overview
Analysis
File Details
Downloads (1)

nfsmwpatch1.3-27089203.exe

ProInstall Applications SRL

The application nfsmwpatch1.3-27089203.exe by ProInstall Applications SRL has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.reporting-download.com.

File name:

Publisher:

ProInstall Applications SRL (signed and verified)

MD5:

303c71612df585883078dedab6d77586

SHA-1:

4ad013460aad545d8c75c6ebc9701faf5b471629

SHA-256:

b28ab6b00655fd9cef54f2517c0c56b11172ed144b4896790f52bd56662f8918

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

6/3/2024 1:35:12 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ProInstall (M)

16.7.16.12

File size:

226.8 KB (232,200 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\nfsmwpatch1.3-27089203.exe

Digital Signature

Signed by:

ProInstall Applications SRL

Authority:

COMODO CA Limited

Valid from:

12/30/2014 2:00:00 AM

Valid to:

12/31/2015 1:59:59 AM

Subject:

CN=ProInstall Applications SRL, OU=iops, O=ProInstall Applications SRL, STREET="Bd Decebal 25-29, Et 9", STREET=Spatiul 9.1 Camera A, L=Bucuresti, S=Sector 3, PostalCode=030964, C=RO

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00AF972B5E3981E787C9DBFFB307AD7D02

File PE Metadata

Compilation timestamp:

2/24/2012 9:19:59 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:lweqOYEUXPntyvd4e3pdUR6jtCnjm84OhpIYF:KEUX8lB3soknjH5hpIQ

Entry address:

0x39E3

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

28 KB (28,672 bytes)

The file nfsmwpatch1.3-27089203.exe has been seen being distributed by the following URL.

http://www.reporting-download.com/.../?appid=10471256

Remove nfsmwpatch1.3-27089203.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.