Win32/NSSM.D potentially unsafe removal guide

Win32/NSSM.D potentially unsafe is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/NSSM.D potentially unsafe virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities

How to identify Win32/NSSM.D potentially unsafe?

File Info:

name: 022CB6F0DA7CB861E564.mlw
path: /opt/CAPEv2/storage/binaries/717286d0888e124de177e6a0aada9e64304dc46a512e007442e0b67a2ddba958
crc32: 7A336089
md5: 022cb6f0da7cb861e56415b5698d0f51
sha1: cc97e9b340dbb8a4c09d8a44705bc8f65bb513e1
sha256: 717286d0888e124de177e6a0aada9e64304dc46a512e007442e0b67a2ddba958
sha512: e218a2cb9ff0e4b9a1005137521ef4e68497c1d7c7222e68bb255960ab256a9504588b45096b5686ba040048df163bffd56960ccf0d30baecde3ab97e9bf150a
ssdeep: 98304:/Si9keUR1MHNfEC73gGiDPvLN8LDcy+zZkN:NtUR4NfWGqh8LIrZkN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11916013BB268A43EC46A0B3245B3D27049777E65A81A8C1F17F45C0FFF3A4611E3A656
sha3_384: 7f0059d60d5c4967897dbe4ab38e5ef5e265ecca2b323a3675c1b23ed176d986e38007118e8296ae51dc41d620cd0c1b
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2021-06-03 08:09:11

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: AmidaWare LLC
FileDescription: Tactical RMM Agent Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: Tactical RMM Agent
ProductVersion: 1.6.2
Translation: 0x0000 0x04b0

Win32/NSSM.D potentially unsafe is also known as:

Bkav: W32.Common.D478E72A
Cynet: Malicious (score: 100)
Sangfor: Trojan.Win32.Nssm.Vy87
ESET-NOD32: a variant of Win32/NSSM.D potentially unsafe
NANO-Antivirus: Trojan.Win32.NSSM.ezaxoj
Avast: Win32:Malware-gen
DrWeb: Tool.Nssm.3
Malwarebytes: Generic.Malware/Suspicious
Rising: HackTool.NSSM!1.CABB (CLASSIC)
Yandex: Trojan.GenAsa!915POWkyE4E
Fortinet: Riskware/NSSM
AVG: Win32:Malware-gen

How to remove Win32/NSSM.D potentially unsafe?

Win32/NSSM.D potentially unsafe removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
