nsb69e2.tmp

The file nsb69e2.tmp has been detected as a potentially unwanted program by 18 anti-malware scanners. The file has been seen being downloaded from s3.amazonaws.com.

MD5: ad10ba414668c3a6a26a3189e2969ebf
SHA-1: ac597ff4cdb2ddbf589df3b167db49829df30f81
Scanner detections: 18 / 68
Status: Potentially unwanted
Analysis date: 4/25/2024 8:07:29 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.2481759 | 581 |
| Arcabit | Trojan.Generic.D25DE5F | 1.0.0.425 |
| Baidu Antivirus | Adware.Win32.Downloader | 4.0.3.1574 |
| Bitdefender | Trojan.GenericKD.2481759 | 1.0.20.925 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2481759 | 8.15.07.04.05 |
| ESET NOD32 | Win32/Adware.ConvertAd.RU (variant) | 9.11885 |
| F-Secure | Trojan.GenericKD.2481759 | 11.2015-04-07_7 |
| G Data | Trojan.GenericKD.2481759 | 15.7.25 |
| K7 AntiVirus | Adware | 13.205.16454 |
| Kaspersky | Trojan-Downloader.Win32.Genome | 14.0.0.1789 |
| MicroWorld eScan | Trojan.GenericKD.2481759 | 16.0.0.555 |
| nProtect | Trojan/W32.Rootkit.97243 | 15.07.03.02 |
| Panda Antivirus | Trj/CI.A | 15.07.04.05 |
| Qihoo 360 Security | HEUR/QVM42.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | TrojanDownloader.gen.r5 | 7.15.14.00 |
| SUPERAntiSpyware | Trojan.Agent/Gen-VBInject | 9775 |
| Trend Micro | TROJ_GEN.R047C0EFQ15 | 10.465.04 |
| VIPRE Antivirus | Trojan.Win32.Generic | 41680 |

File size: 95 KB (97,243 bytes)
Common path: C:\users\{user}\appdata\local\temp\nsb69e2.tmp

The file nsb69e2.tmp has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

