GridinSoft Threat Intelligence

nsxFF.exe threat report

Detected as Adware.Gen File reputation report

» File
File Details
Overview
Analysis

Status Adware.Gen

Identity c67bcf6441e378371f0d6eefb7ef0861

Source GridinSoft ThreatInfo

MD5 c67bcf6441e378371f0d6eefb7ef0861

Latest seen 2021-03-25 21:35:21 (5 years ago)

First seen 2017-06-20 22:01:55 (8 years ago)

Size 163 KB

Publisher Conduit

Product Search Protect

Analyst brief

What this report says

GridinSoft Anti-Malware detects nsxFF.exe as Adware.Gen. The sample was last observed on 2021-03-25 21:35:21 (5 years ago) and reports publisher metadata associated with Conduit / Search Protect.

This page combines the detection verdict with file identity, publisher metadata, alternate names, observed paths, geography, OS signals, and PE details so the report reads as a triage record rather than a standalone download page.

GridinSoft Anti-Malware detection

Detected by GridinSoft before you download

The current ThreatInfo record shows this exact file hash detected as Adware.Gen. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.

Detection name: Adware.Gen
Recommended action: Scan and remove
Last analysis: 2021-03-25 21:35:21 (5 years ago)
File hash: c67bcf6441e378371f0d6eefb7ef0861

Download Anti-Malware

Why it matters

Why GridinSoft flags this file

Detection

GridinSoft identifies the sample as Adware.Gen.

Timeline

First seen 2017-06-20 22:01:55 (8 years ago); latest analysis 2021-03-25 21:35:21 (5 years ago).

Publisher context

Company metadata: Conduit. Product metadata: Search Protect.

Aliases

This hash has appeared under multiple file names, which can happen with repackaging, bundling, or deliberate renaming.

Observed locations

ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.

Recommended action

What to do next

Compare the MD5 above with the file found on the device.
Check whether the file appears in the observed locations or under one of the alternate names.
Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present.

File context

nsxFF.exe is a Windows file recorded in the ThreatInfo database. It is associated with Search Protect. The reported company name is Conduit. The current detection status is Adware.Gen, based on the latest analysis from 2021-03-25 21:35:21 (5 years ago).

If nsxFF.exe appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as Adware.Gen.

File Details

Main Info:

Product Name:	Search Protect
Company Name:	Conduit
MD5:	c67bcf6441e378371f0d6eefb7ef0861
Size:	163 KB
First Published:	2017-06-20 22:01:55 (8 years ago)
Latest Published:	2021-03-25 21:35:21 (5 years ago)

Analysis:

Status:	Adware.Gen (on last analysis)
Analysis Date:	2021-03-25 21:35:21 (5 years ago)

Detection screenshot

The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.

Common Places:

%localappdata%\temp

%windir%\temp

%sysdrive%\old hd\users\fferguson\appdata\local\temp

%windir%

%temp%

%desktop%\disco madafakin duro\copias pcs\sara\users\sara\appdata\local

ThreatInfo has observed nsxFF.exe in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.

File Names:

194 observed names

nsvD716.exe nsvD4A5.exe nsq859B.exe nsq82DC.exe nsrCB0F.exe nsrD36A.exe nse452E.exe nseC8B0.exe nsn6E8D.exe nsoE821.exe nsx3498.exe nsfA23C.exe nseD731.exe nso59A9.exe nseD730.exe nsjE850.exe nsw96E6.exe nsrD36B.exe nsx3497.exe nsn6E8C.exe nsk16BF.exe nsq96C6.exe nst4BF2.exe nsj454D.exe nst4BF3.exe nsjC8CF.exe nsk482A.exe nsaA132.exe nso5D9F.exe nsp6ED0.exe nso127C.exe nse128C.exe nseC603.exe nsn4C01.exe nss4D59.exe nsnA98D.exe nsy6617.exe nspE5E3.exe nsg81AA.exe nswF611.exe nskEFEB.exe nslB467.exe nsfE5F3.exe nsr4A6F.exe nsx4A41.exe nsyED3B.exe nsbB3DB.exe nst1530.exe nsbF768.exe nsr629C.exe nsgCD89.exe nsv81B9.exe nsr5F34.exe nsgAD06.exe nsc530E.exe nsaC853.exe nsl86BF.exe nsv4DBE.exe nsoC46B.exe nstB6B3.exe nsv68FA.exe nsmAF49.exe nsj81DB.exe nsrB20B.exe nskAB01.exe nsf842E.exe nsrB20C.exe nst63C9.exe nsi48EA.exe nsgF07A.exe nsw1431.exe nss6E40.exe nss1AD4.exe nsq504B.exe nsd65F7.exe nsn6FF6.exe nsa8F3A.exe nsa9D7.exe nsl54BF.exe nsnC102.exe nslEA9.exe nsg5981.exe nss1AC4.exe nsg516.exe nssDBA3.exe nsd6C10.exe nsj9447.exe nsoE709.exe nsp6E80.exe nsj5821.exe nst801C.exe nsoE708.exe nsu6D67.exe nso9418.exe nso3509.exe nsyA651.exe nsz57E3.exe nsyA9F9.exe nsb697D.exe nsmB9E2.exe nsw20AC.exe nsw6DF1.exe nsg735E.exe nsmB54F.exe nsmBD8B.exe nsuD256.exe nsuD257.exe nsk24AB.exe nsz3A0E.exe nskC170.exe nsu1441.exe nsy165F.exe nsu176D.exe nsk61B5.exe nsd56D.exe nsy1A07.exe nsrE5F.exe nsjFD47.exe nskC171.exe nsh382E.exe nsjFD48.exe nso55E.exe nshC5E1.exe nscFB62.exe nst93BE.exe nsh9522.exe nsh8375.exe nsy60F9.exe nsq3E7A.exe nsrA22C.exe nsm8346.exe nsc9F11.exe nsr94C4.exe nsx49E0.exe nsm7C44.exe nsf4EFE.exe nscE525.exe nshFBCF.exe nsh96E6.exe nsm7B0C.exe nsi9024.exe nscC5C2.exe nsxE15E.exe nsy5D50.exe nsl7393.exe nsqA8B.exe nsq88BA.exe nsl7FC4.exe nsv185.exe nsq1362.exe nsz244E.exe nsq46A6.exe nse2690.exe nslE998.exe nsx9DFB.exe nslE775.exe nsjF80A.exe nsoF5B8.exe nse21FC.exe nsyFA8A.exe nscEC6A.exe nsaDAC8.exe nsaF635.exe nsbC3CF.exe nsc1364.exe nsbFD18.exe nsnA94E.exe nsx3128.exe nss30B5.exe nss1384.exe nsl4280.exe nsy20DC.exe nsg9E26.exe nsd900C.exe nsd205F.exe nsx8B13.exe nsj57A6.exe nsd2CFE.exe nsd5B7C.exe nsr75BF.exe nsx69ED.exe nsx7F90.exe nsh7BD8.exe nsx69FC.exe nso8615.exe nsxBEA2.exe nsc7E1.exe nst6B15.exe nsr75AF.exe nsmDFF7.exe nsi4D1A.exe nshBE05.exe nsd5056.exe nsxFF.exe

This hash has been seen with multiple file names. Alternate names can appear when software is updated, copied between folders, packed by an installer, or deliberately renamed to avoid recognition. Compare the exact MD5 above before assuming two names refer to the same file.

Geographic signal

Observed country distribution

ThreatInfo has seen nsxFF.exe across 15 countries. Use this signal to compare local evidence with where the sample is most often reported.

Top country United States

Share 16.7%

Low High activity

Top observed countries

16.7%

16.4%

16.1%

9.0%

8.0%

The strongest geographic signal for this file is United States with 16.7% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.

OS Version:

Windows 7 75.6%

Windows 8.1 13.0%

Windows 10 11.4%

The most common operating system signal for nsxFF.exe is Windows 7 with 75.6% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.

Analysis

PE Info:

nsxFF.exe is identified as pe for 32-bit systems. The subsystem is Windows GUI. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.

Format pe

Architecture 32-bit

Subsystem Windows GUI

Entry point 0x000038af

Image base 0x00400000

PE Sections:

Sections 6

Raw data 142336

Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.

.text 29696 bytes · 20.9% of section data

MD5 419d4e1be1ac35a5db9c47f553b27cea

.rdata 11264 bytes · 7.9% of section data

MD5 cca1ca3fbf99570f6de9b43ce767f368

.data 512 bytes · 0.4% of section data

MD5 77f0839f8ebea31040e462523e1c770e

.ndata 0 bytes · 0.0% of section data

Uncommon name

MD5 00000000000000000000000000000000

.rsrc 96768 bytes · 68.0% of section data

MD5 2cf9c2420761455e2decc5ff8a8f30c8

.reloc 4096 bytes · 2.9% of section data

MD5 97427e35174386535850697534bf2cfa

PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.

Report conclusion

GridinSoft detects this file as Adware.Gen

This report identifies nsxFF.exe by MD5 c67bcf6441e378371f0d6eefb7ef0861. If the same file is present on your device, scan the system and remove the detected object after confirming the hash and location.

Download GridinSoft Anti-Malware Scan the device and confirm whether this exact hash is present. Check this hash on VirusTotal

Recommended next steps

Compare the local file MD5 with c67bcf6441e378371f0d6eefb7ef0861.
Check the file path, publisher, and signature against the details in this report.
Run a GridinSoft scan and remove the object if the same hash is found.