» nsk1293.tmp
Overview
Analysis
File Details

nsk1293.tmp

LLC

The file nsk1293.tmp by LLC has been detected as adware by 18 anti-malware scanners. It is also typically executed from the user's temporary directory.

File name:

nsk1293.tmp

Publisher:

LLC (signed and verified)

MD5:

0d4761e8744152b6f5efa4f6410f848c

SHA-1:

6880a9e8ff2ae4d25660955b9b8865e191fad99c

SHA-256:

b28e6109642022d2be68c2bcbad2a48dd3f3d2614f109b2444f31799b23c419a

Scanner detections:

18 / 68

Status:

Adware

Analysis date:

5/18/2024 11:44:00 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Agent.BJHE

570

Avira AntiVirus

APPL/InstallMonst.KF

3.6.1.96

avast!

SMSSend-CLX [Trj]

2014.9-150412

AVG

Generic

2016.0.3141

Bitdefender

Trojan.Agent.BJHE

1.0.20.975

Bkav FE

W32.HfsAdware

1.3.0.6379

Dr.Web

Trojan.InstallMonster

9.0.1.0102

Emsisoft Anti-Malware

Trojan.Agent.BJHE

8.15.07.14.08

ESET NOD32

Win32/InstallMonstr.KC potentially unwanted application

9.7.0.302.0

F-Secure

Trojan.Agent.BJHE

11.2015-14-07_3

herdProtect (fuzzy)

variant of nswb931.tmp (Adware)

2015.7.14.20

K7 AntiVirus

Riskware

13.202.15641

Kaspersky

Trojan.Win32.Inject

14.0.0.2164

MicroWorld eScan

Trojan.Agent.BJHE

16.0.0.585

nProtect

Trojan.Agent.BJHE

15.04.30.01

Reason Heuristics

Threat.Amonitize

15.4.12.15

VIPRE Antivirus

Threat.4150696

39676

Zillya! Antivirus

Trojan.Inject.Win32.163284

2.0.0.2143

File size:

7 MB (7,310,344 bytes)

Common path:

C:\users\{user}\appdata\local\temp\nsk1293.tmp

Digital Signature

Signed by:

LLC

Authority:

COMODO CA Limited

Valid from:

2/9/2015 10:00:00 PM

Valid to:

2/10/2016 9:59:59 PM

Subject:

CN="LLC ""Samson""", O="LLC ""Samson""", STREET="Street anchor, 13, office 320", L=Kyyiv, S=Kyyivska, PostalCode=04119, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00F071B2589872DF7AAA06AE7B9E8791C1

File PE Metadata

Compilation timestamp:

4/12/2015 3:31:43 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:En1v0ITFRlCmgRFmntz+/kP7/JpHrg+yauQ:Mv0ITvlcnAz+sPTvinQ

Entry address:

0x3AD59C

Entry point:

55, 8B, EC, B9, 05, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, 48, 51, 7A, 00, E8, AC, 0A, C6, FF, 33, C0, 55, 68, 2C, D8, 7A, 00, 64, FF, 30, 64, 89, 20, BF, 4A, 02, 00, 00, 8B, 35, 34, 9D, 8B, 00, 81, C6, 24, 09, 00, 00, 8B, C7, E8, A6, 95, C5, FF, E8, 3D, 98, E0, FF, 8D, 55, EC, B8, 16, 00, 00, 00, E8, C4, 65, FF, FF, 8B, 45, EC, E8, A4, C8, C5, FF, 50, 8D, 55, E4, B8, 1E, 00, 00, 00, E8, 72, 58, FF, FF, 8B, 45, E4, E8, 8E, C8, C5, FF, 8B, D0, 8D, 45, E8, E8, D0, C5, C5, FF, 8B, 45, E8, E8... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

3.7 MB (3,852,288 bytes)

Remove nsk1293.tmp - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.