snsm528a.tmp

The file snsm528a.tmp has been detected as a potentially unwanted program by 14 anti-malware scanners. It runs as a Windows service named "Operating System WAN" in its own process (service type Win32OwnProcess). The file has been seen being downloaded from d1mdi78qyff344.cloudfront.net. While running, it connects to the Internet host dl19.clickmein.com on port 80 using the HTTP protocol.
MD5:
a67f8b71bee5338b4deab746438a4484

SHA-1:
f1b8ea971e6f90476d8f2343df5b57ecd0cf40a3

SHA-256:
f1a945a90fc7cbef54dd7f3a6cb877db633af292ec9d28338da17a5f17a2398c

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
5/16/2025 11:49:17 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2422297 | 610
Baidu Antivirus | Adware.Win32.ConvertAd | 4.0.3.1565
Bitdefender | Trojan.GenericKD.2422297 | 1.0.20.780
Emsisoft Anti-Malware | Trojan.GenericKD.2422297 | 8.15.06.05.04
ESET NOD32 | Win32/Adware.ConvertAd.PL (variant) | 9.11659
F-Secure | Trojan.GenericKD.2422297 | 11.2015-05-06_6
G Data | Trojan.GenericKD.2422297 | 15.6.25
K7 AntiVirus | Adware | 13.204.15977
Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.1934
MicroWorld eScan | Trojan.GenericKD.2422297 | 16.0.0.468
nProtect | Trojan.GenericKD.2422297 | 15.05.20.01
Panda Antivirus | Trj/Genetic.gen | 15.06.05.04
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Trend Micro House Call | Suspicious_GEN.F47V0520 | 7.2.156

File size:
125 KB (128,000 bytes)

Common path:
C:\users\{user}\appdata\local\b5dc9acd-1432036728-a846-9e0e-c13d16d86f33\snsm528a.tmp

File PE Metadata
Compilation timestamp:
5/19/2015 9:23:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:Jdn4iXbEciDWyaJzIZDRwbpGGB9x8ysMBmlWOHJ5kln1ubPalv/aIVUO:IqbEcaXuItRY1r8ysmmcqtbPalv/aI

Entry address:
0x9BCE

Entry point:
E8, 33, 50, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 58, 72, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, B0, 70, 41, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 55, 08, 56, 57, 85, D2, 74, 07, 8B, 7D, 0C, 85, FF, 75, 13, E8, 63, 03, 00, 00, 6A, 16, 5E, 89, 30, E8, 05, 18, 00, 00, 8B, C6, EB, 33, 8B, 45...

Code size:
85.5 KB (87,552 bytes)

Service
Display name:
Operating System WAN

Service name:
mihyfyzi

Description:
Repetitive Strain Injury Convert

Type:
Win32OwnProcess

The file snsm528a.tmp has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to dl19.clickmein.com (50.7.184.162:80)

TCP (HTTP):
Connects to dl21.clickmein.com (216.227.128.186:80)

Remove snsm528a.tmp - Powered by Reason Core Security