GridinSoft Threat Intelligence

nsmF4EC.exe threat report

Detected as Adware.Gen File reputation report
MD5 02c162fd7706e887624dfcc410979355
Latest seen 2021-03-25 21:35:17 (5 years ago)
First seen 2017-06-20 22:01:53 (8 years ago)
Size 152 KB
Publisher Client Connect LTD
Product Search Protect

GridinSoft Anti-Malware detection

Detected by GridinSoft before you download

The current ThreatInfo record shows this exact file hash detected as Adware.Gen. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.

Detection name
Adware.Gen
Recommended action
Scan and remove
Last analysis
2021-03-25 21:35:17 (5 years ago)
File hash
02c162fd7706e887624dfcc410979355
Download Anti-Malware

Why it matters

Why GridinSoft flags this file

Detection

GridinSoft identifies the sample as Adware.Gen.

Timeline

First seen 2017-06-20 22:01:53 (8 years ago); latest analysis 2021-03-25 21:35:17 (5 years ago).

Publisher context

Company metadata: Client Connect LTD. Product metadata: Search Protect.

Aliases

This hash has appeared under multiple file names, which can happen with repackaging, bundling, or deliberate renaming.

Observed locations

ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.

Recommended action

What to do next

  1. Compare the MD5 above with the file found on the device.
  2. Check whether the file appears in the observed locations or under one of the alternate names.
  3. Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present.

File context

nsmF4EC.exe is a Windows file recorded in the ThreatInfo database. It is associated with Search Protect. The reported company name is Client Connect LTD. The current detection status is Adware.Gen, based on the latest analysis from 2021-03-25 21:35:17 (5 years ago).

If nsmF4EC.exe appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as Adware.Gen.

File Details

Product Name: Search Protect
Company Name: Client Connect LTD
MD5: 02c162fd7706e887624dfcc410979355
Size: 152 KB
First Published: 2017-06-20 22:01:53 (8 years ago)
Latest Published: 2021-03-25 21:35:17 (5 years ago)
Status: Adware.Gen (on last analysis)
Analysis Date: 2021-03-25 21:35:17 (5 years ago)

Detection screenshot

nsmF4EC.exe detection screenshot

The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.

Common Places:

%windir%\temp
%localappdata%\temp
%sysdrive%\windows.old\windows\temp
%sysdrive%\windows.old\users\tatin\appdata\local\temp
%temp%
%windir%
%sysdrive%\backup georg\os\users\georg\appdata\local
%sysdrive%\windows.old\users\cliente\appdata\local
%sysdrive%\windows.old\windows
%profile%\dministrator\impostazioni locali

ThreatInfo has observed nsmF4EC.exe in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.

File Names:

320 observed names
nsz3537.exe nsjD83A.exe nstA98C.exe nsoAB9E.exe nsaBE35.exe nsjB752.exe nstA4F9.exe nst28AA.exe nst6636.exe nseD230.exe nsdA9D9.exe nstDCCB.exe nst7D5D.exe nst5C75.exe nszE1AC.exe nsy2B38.exe nstE554.exe nsdF7DA.exe nsyAB31.exe nsy719A.exe nswE38E.exe nsv3DF1.exe nsr1124.exe nsp17B9.exe nsyDF81.exe nsn736F.exe nsjD2F3.exe nst8E13.exe nszFB3D.exe nst8146.exe nsoE9B6.exe nsu7B4.exe nsdFD95.exe nsj9CC5.exe nseF99F.exe nszF309.exe nsm1178.exe nsc1495.exe nsr44CB.exe nsw5FD6.exe nsw4893.exe nsq4F8B.exe nsm45D1.exe nsf4B56.exe nsqF40.exe nsfF347.exe nsr4331.exe nsh64CB.exe nsc6B71.exe nsv3E4B.exe nskF847.exe nsh6826.exe nsa5B0F.exe nsaE6AA.exe nsw4880.exe nsp80D7.exe nsvA659.exe nszCC0A.exe nspED5.exe nsp1E53.exe nsa63BD.exe nsr8CA9.exe nsjFC67.exe nsj74CD.exe nsp2A73.exe nsi5BF.exe nsa6485.exe nsaD430.exe nsb37A6.exe nss7673.exe nskF113.exe nsaDE49.exe nspC127.exe nsfFA13.exe nsoA907.exe nsy6330.exe nsx1785.exe nso4140.exe nsx4F91.exe nsa4C72.exe nslFC79.exe nsc8CA5.exe nsa4C39.exe nsyE7A4.exe nsz7F5A.exe nswE1E1.exe nsrBA1.exe nsg1746.exe nsbD0EF.exe nsb6A5A.exe nsg1217.exe nsh5563.exe nsm6654.exe nsn7A62.exe nsr7083.exe nsj801B.exe nsd6240.exe nsp6A8A.exe nskE1DB.exe nst5B3E.exe nso398A.exe nsy12E8.exe nstB188.exe nsd81F.exe nstE6DA.exe nsd13A3.exe nsr6DE3.exe nstE8AD.exe nst9EA4.exe nswA9BB.exe nsu5C56.exe nsoC085.exe nsc288A.exe nsw6EC3.exe nsn582B.exe nso6702.exe nsv5FEC.exe nssA9E3.exe nss8771.exe nsyA090.exe nsz2F91.exe nsh4660.exe nsc9E8.exe nshDFE.exe nsh4269.exe nsi7A66.exe nsvE84F.exe nsz27FD.exe nsf2A8E.exe nsh5FCF.exe nsz4CDF.exe nsz4FEC.exe nsr7D00.exe nsjE8DB.exe nsjF24E.exe nsy8D30.exe nsuCD60.exe nsj7693.exe nseF980.exe nsy8717.exe nsb9EAE.exe nsm625F.exe nsl58D3.exe nsrB9E.exe nsyFBC5.exe nsg9866.exe nsyA338.exe nsc5EC6.exe nsi5B6C.exe nswCAD2.exe nsr8AB9.exe nsmD05F.exe nsg5DE3.exe nsjDF0D.exe nssF2CE.exe nsr44D.exe nss6127.exe nsi589E.exe nscDCE3.exe nsa5822.exe nsy63A6.exe nsoA5D5.exe nsx98EF.exe nsuE567.exe nsxF0B0.exe nsaB034.exe nsh9393.exe nsqB917.exe nso93DB.exe nsxB3CE.exe nsdE59B.exe nsxE9C0.exe nsiB016.exe nsj710.exe nsp23A7.exe nso9512.exe nsi8678.exe nsiCDED.exe nsy2BAD.exe nsv8632.exe nswA718.exe nsdACB6.exe nsh9C77.exe nsjA1A8.exe nsm85.exe nsr7871.exe nso31FD.exe nsh7E4C.exe nsvCCA5.exe nssF9F0.exe nsc20ED.exe nsx25A2.exe nsmB982.exe nswA02.exe nst921A.exe nss1A8A.exe nssC2C7.exe nse8B08.exe nsr1A95.exe nsj2697.exe nssD203.exe nsi9B58.exe nsmCA92.exe nss6655.exe nsyF377.exe nsa3CE4.exe nswF55A.exe nsv49E0.exe nsgB898.exe nsk2F6C.exe nsk45FD.exe nsqB84A.exe nsg2B8B.exe nsoE6BA.exe nsaDAA.exe nswC79B.exe nss59D6.exe nsgCAF5.exe nsf1CB8.exe nspE8B7.exe nscDECA.exe nsf8FE.exe nsiCE99.exe nsg9C15.exe nsl387F.exe nsp25AD.exe nscDA85.exe nshF12.exe nsqDE11.exe nsl95BC.exe nsb8653.exe nsc1422.exe nsrD64F.exe nsiB770.exe nsqC0D0.exe nsmA02.exe nsvED53.exe nsoFFCA.exe nsj1992.exe nsb7CB2.exe nsd1C6A.exe nswC786.exe nsm3FF1.exe nshACE.exe nstA641.exe nsh6D96.exe nshFFD5.exe nsj1AF4.exe nsr97DF.exe nsr45E9.exe nsw625E.exe nsy87C.exe nsd6A69.exe nsoE286.exe nsiEC16.exe nsd3C68.exe nst94D4.exe nsyEBC8.exe nswEF23.exe nsc887C.exe nsgA07F.exe nswC4A3.exe nsd7A15.exe nsn95C7.exe nsn72B4.exe nsx8F02.exe nsgD6BD.exe nsh82EA.exe nsh9EC5.exe nsi6B44.exe nsh918B.exe nsqE603.exe nsn76B1.exe nsy1B7D.exe nsaDFE6.exe nsv90CD.exe nslB214.exe nsn36AE.exe nsnD8B.exe nsd51DB.exe nss6A4B.exe nsn285C.exe nsi2704.exe nsg8AA6.exe nsg6E51.exe nsq7591.exe nsq4A9A.exe nsl5EE5.exe nsy2412.exe nsg5F15.exe nscFF48.exe nsx1604.exe nsq9F9D.exe nsd367A.exe nsq5BAA.exe nsg6F7.exe nsvCDBD.exe nsg8D0F.exe nsg8A50.exe nslB878.exe nsn15D7.exe nsh207F.exe nsr4FD9.exe nsm7402.exe nsb78F3.exe nsw548C.exe nsg8FCE.exe nswBB76.exe nsbB52D.exe nsb7682.exe nsb523A.exe $R5OGS0X.exe $R22WYSO.exe nsy72D6.exe nshC324.exe nsj811A.exe nshB56D.exe nsn67CB.exe nsc2264.exe nsmF4EC.exe

This hash has been seen with multiple file names. Alternate names can appear when software is updated, copied between folders, packed by an installer, or deliberately renamed to avoid recognition. Compare the exact MD5 above before assuming two names refer to the same file.

Geographic signal

Observed country distribution

ThreatInfo has seen nsmF4EC.exe across 19 countries. Use this signal to compare local evidence with where the sample is most often reported.

Top country United States
Share 15.8%
Low High activity

The strongest geographic signal for this file is United States with 15.8% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.

OS Version:

Windows 7 86.5%
Windows 8.1 6.4%
Windows 8 4.1%
Windows 10 3.1%

The most common operating system signal for nsmF4EC.exe is Windows 7 with 86.5% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.

Analysis

nsmF4EC.exe is identified as pe for 32-bit systems. The subsystem is Windows GUI. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.

Format pe
Architecture 32-bit
Subsystem Windows GUI
Entry point 0x00003415
Image base 0x00400000

PE Sections:

Sections 5
Raw data 130560

Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.

.text 26624 bytes · 20.4% of section data
MD5 cb807804553819b70f6e16b8a094d327
.rdata 6656 bytes · 5.1% of section data
MD5 161b329b4c70ce4fbd9c1143e738896b
.data 512 bytes · 0.4% of section data
MD5 140876ba314e7bc36379ee5c6db80876
.ndata 0 bytes · 0.0% of section data
Uncommon name
MD5 00000000000000000000000000000000
.rsrc 96768 bytes · 74.1% of section data
MD5 e517b674168828854d3b9d0320a57d7f

PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.

Report conclusion

GridinSoft detects this file as Adware.Gen

This report identifies nsmF4EC.exe by MD5 02c162fd7706e887624dfcc410979355. If the same file is present on your device, scan the system and remove the detected object after confirming the hash and location.

Download GridinSoft Anti-Malware Scan the device and confirm whether this exact hash is present. Check this hash on VirusTotal

Recommended next steps

  • Compare the local file MD5 with 02c162fd7706e887624dfcc410979355.
  • Check the file path, publisher, and signature against the details in this report.
  • Run a GridinSoft scan and remove the object if the same hash is found.