» msnsusii.exe
Overview
Analysis
File Details

msnsusii.exe

Microsoft Windows 2000 Operating System

Test Company

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application msnsusii.exe, “Win32 Cabinet Self-Extractor ” by Test Company has been detected as a potentially unwanted program by 39 anti-malware scanners.

File name:

msnsusii.exe

Publisher:

Microsoft Corporation (signed by Test Company)

Product:

Microsoft(R) Windows (R) 2000 Operating System

Description:

Win32 Cabinet Self-Extractor

Version:

5.50.4134.600

MD5:

613621e63225dd6e7f1a874d433e3e71

SHA-1:

104daf66c3a5b8a7e65d68f2863327e1a724e7fe

Scanner detections:

39 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 9:55:49 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Viking.AZ

361

Agnitum Outpost

Win32.Jadtre.Gen

7.1.1

AhnLab V3 Security

Win32/Kashu.E

2015.08.11

Avira AntiVirus

TR/Patched.Gen

7.11.30.172

avast!

Sality

2014.9-160209

AVG

Win32/Agent

2017.0.2839

Baidu Antivirus

Virus.Win32.Qvod.$a

4.0.3.1629

Bitdefender

Win32.Viking.AZ

1.0.20.200

Bkav FE

W32.Cloda49.Trojan

1.3.0.4613

Clam AntiVirus

Virus.Qvod

0.98/20941

Comodo Security

Virus.Win32.Qvod.~Gen

23316

Dr.Web

Trojan.Starter.1410

9.0.1.040

Emsisoft Anti-Malware

Win32.Viking.AZ

8.16.02.09.03

ESET NOD32

Win32/Wapomi.A virus

10.7.0.302.0

Fortinet FortiGate

W32/Krypt.C!tr.bdr

2/9/2016

F-Prot

W32/Pikor.A

v6.4.6.5.141

F-Secure

Win32.Viking.AZ

11.2016-09-02_3

G Data

Win32:Sality

16.2.22

IKARUS anti.virus

Email-Worm.Win32.Runouce

t3scan.1.1.84.0

K7 AntiVirus

Virus

13.207.16840

Kaspersky

Virus.Win32.Qvod

14.0.0.689

McAfee

Virus.W32/Fujacks.be

5600.6495

Microsoft Security Essentials

Threat.Undefined

1.203.2586.0

MicroWorld eScan

Win32.Viking.AZ

17.0.0.120

NANO AntiVirus

Trojan.Win32.MulDrop2.ueccs

0.30.24.2487

Norman

Win32.Viking.AZ

11.20160209

nProtect

Win32.Viking.AZ

15.09.25.01

Panda Antivirus

W32/Bototer.B

16.02.09.03

Quick Heal

W32.Pikroms.A

2.16.14.00

Reason Heuristics

PUP.TestCompany (M)

16.2.9.3

Rising Antivirus

PE:Win32.KUKU.kt!1591113

23.00.65.16207

Sophos

Virus 'W32/Jadtre-B'

5.15

Total Defense

Win32/Wapomi.A

37.1.62.1

Trend Micro House Call

TROJ_GEN.R1CH1C8

7.2.40

Trend Micro

PE_SALITY.RL

10.465.09

Vba32 AntiVirus

Virus.Win32.Qvod.a

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Generic

13512

ViRobot

Win32.Qvod.C[h]

2014.3.20.0

Zillya! Antivirus

Virus.Qvod.Win32.4

2.0.0.2418

File size:

1.3 MB (1,398,488 bytes)

Product version:

5.50.4134.600

Original file name:

WEXTRACT.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\msn\msncorefiles\install\msnsusii.exe

Digital Signature

Signed by:

Test Company

Authority:

Root Agency

Valid from:

4/5/2001 3:41:27 AM

Valid to:

1/1/2040 5:29:59 AM

Subject:

CN=Test Company

Issuer:

CN=Root Agency

Serial number:

B00160C2D80DAC824AC6A36808C3F360

File PE Metadata

Compilation timestamp:

6/7/2000 2:13:56 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.12

CTPH (ssdeep):

24576:eUR5kbjnCciOinOjLldsBjt8t2R8jpfZIg4mw6Ns/pZmBZOlnLyAuvTkM0XMXgPQ:eGILDcO/fsBmLjRw6qpZmBZWyLaXMXWQ

Entry address:

0x2891

Entry point:

55, 8B, EC, 83, EC, 44, 56, FF, 15, DC, 10, 00, 01, 8B, F0, 8A, 06, 3C, 22, 75, 14, 8A, 46, 01, 46, 84, C0, 74, 04, 3C, 22, 75, F4, 80, 3E, 22, 75, 0D, 46, EB, 0A, 3C, 20, 7E, 06, 46, 80, 3E, 20, 7F, FA, 8A, 06, 84, C0, 74, 07, 3C, 20, 7F, 03, 46, EB, F3, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, D8, 10, 00, 01, F6, 45, E8, 01, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, 56, 6A, 00, 6A, 00, FF, 15, 60, 11, 00, 01, 50, E8, 0E, 00, 00, 00, 8B, F0, 56, FF, 15, D0, 10, 00, 01, 8B, C6, 5E, C9, C3, 56, 33, F6... 
[+]

Entropy:

7.7885

Developed / compiled with:

Microsoft Visual C++

Code size:

34 KB (34,816 bytes)

Remove msnsusii.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.