nsz7dbb.tmp

The file nsz7dbb.tmp has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. While running, it connects to the Internet address parsers.ru on port 80 using the HTTP protocol.

MD5: ab01bd7dff4b3bb615da269b81ceb858
SHA-1: b846f3b7d1c4fbd99da4c5c3e0c1145efc4a0d68
SHA-256: 3eb5285d0b0c61167c9c9c4ccec77623d4e199353d4560ff1d1d0b70e45a134b
Scanner detections: 6 / 68
Status: Potentially unwanted
Explanation: Uses the InstallMonetizer distribution platform to bundle adware.
Analysis date: 4/25/2024 5:53:07 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | PUA.Win32.VMDetector | 4.0.3.1482
Dr.Web | Threat.Undefined | 9.0.1.05190
ESET NOD32 | Win32/InstallMonetizer.BC | 8.10193
Malwarebytes | | v2014.08.02.08
Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 23.00.65.14731
Trend Micro House Call | Suspicious_GEN.F47V0802 | 7.2.214

File size: 242.2 KB (248,009 bytes)
Installer: NSIS (Nullsoft Scriptable Install System)
Common path: C:\users\{user}\appdata\local\temp\nsz7dbb.tmp

File PE Metadata
Compilation timestamp: 12/5/2009 4:52:12 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 6144:6FJ0WjmRXjONOD7pJ59ExJuAZyt5q2pd5A8WwUO:cOXaNu7pB6ybJd5A8z
Entry address: 0x30FA
Entry point: 81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy: 7.8563
Packer / compiler: Nullsoft install system v2.x
Code size: 23.5 KB (24,064 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP): Connects to parsers.ru (185.22.234.22:80)
