home

nsofe87.tmp

AnyProtect

ClickMeIn Ltd.

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The file nsofe87.tmp, “Any Protect Setup” by ClickMeIn has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the installCore installer.
Publisher:
AnyProtect.com  (signed by ClickMeIn Ltd.)

Product:
AnyProtect

Description:
Any Protect Setup

Version:
1.0.0.0

MD5:
898ab4b7034b44a922acc1e84ee7d95f

SHA-1:
6d7b23af810a5034005425aabf911541f8076c94

SHA-256:
cf73e93f0cf860dc7e2f44567cdfafb0717eb924d4ea91d5100acc4bb1781c62

Scanner detections:
25 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/19/2024 11:19:25 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.11769268
466

Agnitum Outpost
Riskware.Agent
7.1.1

avast!
NSIS:Adware-RM [PUP]
2014.9-150830

AVG
Generic_s
2016.0.3001

Bitdefender
Trojan.Generic.11769268
1.0.20.1500

Dr.Web
Adware.Downware.3560
9.0.1.0242

ESET NOD32
Win32/VOPackage.BC potentially unwanted
9.11699

F-Secure
Trojan.Generic.11769268
11.2015-27-10_3

G Data
NSIS.Application.AnyProtect
15.8.25

herdProtect (fuzzy)
variant of nso880f.tmp (Adware)
2015.10.27.1

K7 AntiVirus
Unwanted-Program
13.183.13535

Kaspersky
not-a-virus:AdWare.NSIS.AnProt
14.0.0.1501

Malwarebytes
PUP.Optional.AnyProtect.A
v2015.08.30.09

McAfee
Artemis!F0D914FA854B
5600.6657

MicroWorld eScan
Trojan.Generic.11769268
16.0.0.900

NANO AntiVirus
Riskware.Win32.AnyProtect.difcxk
0.30.24.1636

nProtect
Trojan.Generic.11769268
14.09.30.01

Panda Antivirus
Generic Suspicious
15.08.30.09

Quick Heal
PUA.AnyProtect.A5
8.15.14.00

Reason Heuristics
PUP.installCore.ClickMeIn.Installer (M)
15.8.30.21

Rising Antivirus
PE:Trojan.Win32.Generic.17D621E9!399909353
23.00.65.15828

Sophos
AnyProtect
4.98

Total Defense
Win32/Tnega.RQNYeIC
37.1.62.1

Vba32 AntiVirus
AdWare.AnProt
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
33548

File size:
1.1 MB (1,107,304 bytes)

Product version:
1.0.0.0

Copyright:
Copyright 2013

Trademarks:
Any Protect is a registered trademark of CMI

Bundler/Installer:
installCore (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\nsofe87.tmp

Digital Signature
Signed by:
ClickMeIn Ltd.

Authority:
Starfield Technologies, Inc.

Valid from:
3/17/2014 10:20:06 AM

Valid to:
3/17/2015 10:20:06 AM

Subject:
CN=ClickMeIn Ltd., O=ClickMeIn Ltd., L=Nicosia, C=CY

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B3329DE736323

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:fCFZcXgAidzkRlerxF/FEx+zagbqANGVrYPBkA0K:qFGXgAidzus1FdExrgbnkYV0

Entry address:
0x323F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 98, 27, 7A, 00, E8, 09, 2C, 00, 00, A3, E4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, E0, 1E, 7A, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9648

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

Remove nsofe87.tmp - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.