» nsyf163.tmp.exe
Overview
Analysis
File Details
Downloads (3)

nsyf163.tmp.exe

NANO Antivirus

NANO Security Ltd

This is a setup and installation application. The file has been seen being downloaded from www.nanoav.ru and multiple other hosts.

File name:

nsyf163.tmp.exe

Publisher:

NANO Security (signed by NANO Security Ltd)

Product:

NANO Antivirus

Description:

NANO Antivirus setup

Version:

0.30.0.65070

MD5:

116d81dddd9f5c313bd449385854900a

SHA-1:

7e7e812cd375cf1e6da15a97dac52a076bb6171a

SHA-256:

1cef6e341c867d2961e8a5819c90bd423057c36543120e7b9bd511b2098fba7d

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 11:45:54 PM UTC (a few moments ago)

File size:

7.6 MB (7,976,024 bytes)

Product version:

0.30.0.65070

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\nsyf163.tmp.exe

Digital Signature

Signed by:

NANO Security Ltd

Authority:

VeriSign, Inc.

Valid from:

4/23/2013 5:00:00 PM

Valid to:

5/23/2016 4:59:59 PM

Subject:

CN=NANO Security Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NANO Security Ltd, L=Bryansk, S=Bryansk, C=RU

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

54F60D29F25B5142240D8AA5C3509AF0

File PE Metadata

Compilation timestamp:

7/18/2014 12:00:44 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

196608:xoOpHL9Y9W/u+L/bgSSJiox9+DtzTDA2JR:ZoqLDE34zTDAOR

Entry address:

0x1154

Entry point:

E9, 6A, 34, 00, 00, E9, 64, 62, 00, 00, E9, C4, 82, 00, 00, E9, 02, 63, 00, 00, E9, 07, 62, 00, 00, E9, 00, 6A, 00, 00, E9, 5A, 63, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC... 
[+]

Entropy:

7.9846

Packer / compiler:

Xtreme-Protector v1.05

Code size:

42 KB (43,008 bytes)

The file nsyf163.tmp.exe has been seen being distributed by the following 3 URLs.

http://www.nanoav.ru/.../setup.exe

http://dontreg.ru/go.php?link=http://www.nanoav.ru/.../setup.exe

http://external.comss.ru/url.php?url=http://dl4.comss.ru/.../NANO_setup.exe

Scan nsyf163.tmp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.