93m79w.exe

Microsoft Windows Media Services

Although the file properties name 'Microsoft Corporation' as the developer, this is not the case: the file is designed to look like a legitimate Microsoft system file. The executable 93m79w.exe has been detected as malware by 35 anti-virus scanners.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® Windows Media Services

Description:
MLS Migrate DLL

Version:
9.00.00.4503 (xpsp.080413-0845)

MD5:
2941f379e72798da4751e4b03d1f22e2

SHA-1:
49cd95a3a4c716ac53b725c0e84fcc345a6c26a6

SHA-256:
9898d9e994fc2fbba2b5edc09e8f71ef6c86618689ce4aacaf7c7f19905169fa

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
4/25/2024 7:08:52 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.554614 | 617
Agnitum Outpost | Backdoor.Simda | 7.1.1
AhnLab V3 Security | Backdoor/Win32.Simda | 2015.03.24
Avira AntiVirus | TR/Crypt.XPACK.Gen7 | 3.6.1.96
avast! | Win32:Dropper-gen [Drp] | 2014.9-150528
AVG | Simda | 2016.0.3095
Baidu Antivirus | Backdoor.Win32.Simda | 4.0.3.15528
Bitdefender | Gen:Variant.Kazy.554614 | 1.0.20.740
Clam AntiVirus | Win.Trojan.Agent-847757 | 0.98/21511
Comodo Security | UnclassifiedMalware | 21510
Dr.Web | Trojan.Rodricter.153 | 9.0.1.0148
Emsisoft Anti-Malware | Gen:Variant.Kazy.554614 | 8.15.05.28.06
ESET NOD32 | Win32/Simda | 9.11364
Fortinet FortiGate | W32/Simda.B!tr | 5/28/2015
F-Secure | Gen:Variant.Kazy.554614 | 11.2015-28-05_5
G Data | Gen:Variant.Kazy.554614 | 15.5.25
IKARUS anti.virus | Trojan.Win32.Simda | t3scan.1.8.6.0
K7 AntiVirus | Trojan | 13.202.15352
Kaspersky | Backdoor.Win32.Simda | 14.0.0.1971
Malwarebytes | Trojan.Agent.FSAVXGen | v2015.05.28.06
McAfee | RDN/DNSChanger.bfr!f | 5600.6751
Microsoft Security Essentials | Backdoor:Win32/Simda | 1.1.11502.0
MicroWorld eScan | Gen:Variant.Kazy.554614 | 16.0.0.444
NANO AntiVirus | Trojan.Win32.Simda.dnxrcn | 0.30.8.659
Norman | Simda.TMC | 11.20150528
nProtect | Backdoor/W32.Simda.737792.C | 15.03.23.01
Qihoo 360 Security | Win32/Trojan.cb1 | 1.0.0.1015
Quick Heal | Backdoor.Simda.r5 | 5.15.14.00
Sophos | Mal/Simda-V | 4.98
Total Defense | Win32/Simda.XBbLWTC | 37.0.11510
Trend Micro House Call | BKDR_SIMDA.SMEP | 7.2.148
Trend Micro | TROJ_GEN.R047C0CC315 | 10.465.28
Vba32 AntiVirus | BScope.Malware-Cryptor.Hlux | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 38698
Zillya! Antivirus | Backdoor.Simda.Win32.2283 | 2.0.0.2112

File size:
720.5 KB (737,792 bytes)

Product version:
9.00.00.4503

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
migrate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\93m79w.exe

File PE Metadata
Compilation timestamp:
2/14/2015 1:39:24 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:pobXKdOeVz5CgOJD7Cmnr1khHCt3S64QRsMopw41:aYV8gOZ7xrKBCt3bwl

Entry address:
0xAF200

Entry point:
55, 8B, EC, 83, EC, 58, 57, C7, 45, FC, 00, 00, 00, 00, 68, C0, 62, 4B, 00, FF, 15, 20, 10, 4B, 00, FF, 15, 30, 10, 4B, 00, 8B, C9, 8B, 4D, 08, 8B, C9, 89, 0D, 3C, 63, 4B, 00, 89, 2D, 1C, 63, 4B, 00, C7, 05, 00, 63, 4B, 00, 1C, 00, 02, 00, C7, 45, B4, 00, 00, 00, 00, C7, 45, B0, CC, 62, 4B, 00, A1, 18, 10, 4B, 00, 89, 45, A8, 6A, 00, 68, 80, 00, 00, 00, 6A, 03, 6A, 00, 6A, 03, 6A, 01, 8B, 4D, B0, 51, FF, 55, A8, 89, 45, AC, 83, 7D, AC, FF, 74, 10, 83, 7D, AC, 00, 74, 0A, B8, 42, 00, 00, 00, E9, 51, 02, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
701 KB (717,824 bytes)

Startup File (User Run Once)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
93m79w

Command:
"C:\users\{user}\appdata\roaming\93m79w.exe" opt

