» cryss.exe
Overview
Analysis
File Details
Behaviors (1)

cryss.exe

Server Runtime Application

Smartphone 2003 Privileged Test Signing Authority

The executable cryss.exe, “Server Run Application” has been detected as malware by 16 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘cryss’.

File name:

cryss.exe

Publisher:

Microsoft © Windows (signed by Smartphone 2003 Privileged Test Signing Authority)

Product:

Server Runtime Application

Description:

Server Run Application

Version:

16, 95, 2156, 456

MD5:

a9d71a4587a8a24a09deb7c0431e3b43

SHA-1:

42cdfe465ed996c546c215a8e994a82fea7dc24c

SHA-256:

8624f1b0c803e9fa44f40c9a2c62fc4587bab9a6a3403b3eda03a77764814ee9

Scanner detections:

16 / 68

Status:

Malware

Analysis date:

4/25/2024 9:49:27 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Agent.BLZT

367

Agnitum Outpost

Trojan.DownLoad

7.1.1

Arcabit

Trojan.Agent.BLZT

1.0.0.637

avast!

Win32:Dropper-gen [Drp]

2014.9-160203

Baidu Antivirus

Trojan.Win32.Generic

4.0.3.1623

Bitdefender

Trojan.Agent.BLZT

1.0.20.170

Emsisoft Anti-Malware

Trojan.Agent.BLZT

8.16.02.03.05

F-Secure

Trojan.Agent.BLZT

11.2016-03-02_4

G Data

Trojan.Agent.BLZT

16.2.25

IKARUS anti.virus

Trojan.Agent

t3scan.1.9.5.0

McAfee

RDN/Generic.dx

5600.6501

MicroWorld eScan

Trojan.Agent.BLZT

17.0.0.102

NANO AntiVirus

Trojan.Win32.DownLoad3.dxhdvv

1.0.14.5380

nProtect

Trojan.Agent.BLZT

15.12.31.01

Trend Micro

TROJ_GEN.R002C0OHS15

10.465.03

VIPRE Antivirus

Trojan.Win32.Generic

46230

File size:

97.8 KB (100,112 bytes)

Product version:

16, 95, 2156, 456

Original file name:

cryss.exe

File type:

Executable application (Win32 EXE)

Language:

English (India)

Digital Signature

Signed by:

Smartphone 2003 Privileged Test Signing Authority

Authority:

Smartphone 2003 Privileged Test Signing Authority

Valid from:

12/31/2002 12:00:00 AM

Valid to:

12/31/2022 12:00:00 AM

Subject:

CN=Smartphone 2003 Privileged Test Signing Authority

Issuer:

CN=Smartphone 2003 Privileged Test Signing Authority

Serial number:

7244EE1C733B4495409CB43D193B4043

File PE Metadata

Compilation timestamp:

11/18/2013 9:24:29 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:nkaVHzN+dqmOzmR/EuLiloUkmyeA5pxGctR:lVHUMmamR/9Li+Ay1xrR

Entry address:

0x5422

Entry point:

E8, 22, 7E, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C... 
[+]

Entropy:

6.2721

Code size:

66 KB (67,584 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

cryss

Command:

C:\wins\system\cryss.exe

Remove cryss.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.