nsnf8c8.tmpfs

The file nsnf8c8.tmpfs has been detected as a potentially unwanted program by 10 anti-malware scanners. It runs as a Windows service named “In Real Time Signal”, in the context of its own process.
MD5: fbc42610db85cb5701e8ca833761eb7b
SHA-1: 930e40f5884b44271b72785594a8f35ebb4fe51f
SHA-256: 97ad766851c4d95bb74746784905bae11554707485e8a55dbbe4c94935a922df
Scanner detections: 10 / 68
Status: Potentially unwanted
Analysis date: 4/26/2024 3:46:07 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 3.6.1.96 |
| avast! | Win32:Rootkit-gen [Rtk] | 2014.9-150726 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Zusy.139193 | 8.15.07.26.03 |
| ESET NOD32 | Win32/Adware.ConvertAd.BR (variant) | 9.11562 |
| F-Prot | W32/SuspPack.AA.gen | 4.6.5.141 |
| herdProtect (fuzzy) | | 2015.7.26.3 |
| McAfee | RDN/Generic PUP.x!c2p | 5600.6693 |
| Qihoo 360 Security | HEUR/QVM00.1.Malware.Gen | 1.0.0.1015 |
| Sophos | Generic PUA BN | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39854 |

File size: 121 KB (123,904 bytes)
Common path: C:\users\{user}\appdata\roaming\9e9f264e-1425038666-db11-be9b-0016d4f610ce\nsnf8c8.tmpfs

File PE Metadata
Compilation timestamp: 1/1/2008 2:55:28 AM
OS version: 5.1
OS bitness: Win32
Subsystem: Native (none required)
Linker version: 7.0
CTPH (ssdeep): 3072:Mit4QDZT5wk4GL7haqrmiwobFOb/u1n3:ME11T5f4GL7lrmxoblV
Entry address: 0x1C0
Entry point: 33, C0, C2, 08, 00, 00, 00, 00, 0D, 0A, 0D, 0A, 54, 68, 69, 73, 20, 66, 69, 6C, 65, 20, 77, 61, 73, 20, 73, 61, 6E, 69, 74, 69, 7A, 65, 64, 20, 62, 79, 20, 61, 76, 61, 73, 74, 21, 20, 41, 6E, 74, 69, 76, 69, 72, 75, 73, 2E, 0D, 0A, 0D, 0A, 00, 00, 02, 54, 36, 47, 00, 00, 00, 80, 01, 00, 00, 48, 00, 00, 00, 68, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 40, 2E, 64, 61, 74, 61, 00, 00, 00, 30, 33, 00, 00, 00, D0, 01, 00, 00, 14, 00, 00, 00, B0, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy: 6.3879
Code size: 128 bytes

Service
Display name: In Real Time Signal
Service name: gibololy
Description: Ongoing updates responsible service.
Type: Win32OwnProcess

