» msnsusii.exe
Overview
Analysis
File Details

msnsusii.exe

Microsoft Windows 2000 Operating System

Test Company

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application msnsusii.exe, “Win32 Cabinet Self-Extractor ” by Test Company has been detected as a potentially unwanted program by 39 anti-malware scanners.

File name:

msnsusii.exe

Publisher:

Microsoft Corporation (signed by Test Company)

Product:

Microsoft(R) Windows (R) 2000 Operating System

Description:

Win32 Cabinet Self-Extractor

Version:

5.50.4134.600

MD5:

d1e59bfe2d847e9e472b7c0245d86dc5

SHA-1:

80b5580664ffabe855f613b87a30654947323b15

Scanner detections:

39 / 68

Status:

Potentially unwanted

Analysis date:

4/16/2024 4:53:40 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Viking.AZ

355

Agnitum Outpost

Win32.Jadtre.Gen

7.1.1

AhnLab V3 Security

Win32/Kashu.E

2015.08.11

Avira AntiVirus

TR/Patched.Gen

7.11.30.172

avast!

Sality

2014.9-160215

AVG

Win32/Agent

2017.0.2833

Baidu Antivirus

Virus.Win32.Qvod.$a

4.0.3.16215

Bitdefender

Win32.Viking.AZ

1.0.20.230

Bkav FE

W32.Cloda49.Trojan

1.3.0.4613

Clam AntiVirus

Virus.Qvod

0.98/20941

Comodo Security

Virus.Win32.Qvod.~Gen

23316

Dr.Web

Trojan.Starter.1410

9.0.1.046

Emsisoft Anti-Malware

Win32.Viking.AZ

8.16.02.15.02

ESET NOD32

Win32/Wapomi.A virus

10.7.0.302.0

Fortinet FortiGate

W32/Krypt.C!tr.bdr

2/15/2016

F-Prot

W32/Pikor.A

v6.4.6.5.141

F-Secure

Win32.Viking.AZ

11.2016-15-02_2

G Data

Win32:Sality

16.2.22

IKARUS anti.virus

Email-Worm.Win32.Runouce

t3scan.1.1.84.0

K7 AntiVirus

Virus

13.207.16840

Kaspersky

Virus.Win32.Qvod

14.0.0.660

McAfee

Virus.W32/Fujacks.be

5600.6489

Microsoft Security Essentials

Threat.Undefined

1.203.2586.0

MicroWorld eScan

Win32.Viking.AZ

17.0.0.138

NANO AntiVirus

Trojan.Win32.MulDrop2.ueccs

0.30.24.2487

Norman

Win32.Viking.AZ

11.20160215

nProtect

Win32.Viking.AZ

15.09.25.01

Panda Antivirus

W32/Bototer.B

16.02.15.02

Quick Heal

W32.Pikroms.A

2.16.14.00

Reason Heuristics

PUP.TestCompany (M)

16.2.15.2

Rising Antivirus

PE:Win32.KUKU.kt!1591113

23.00.65.16213

Sophos

Virus 'W32/Jadtre-B'

5.15

Total Defense

Win32/Wapomi.A

37.1.62.1

Trend Micro House Call

TROJ_GEN.R1CH1C8

7.2.46

Trend Micro

PE_SALITY.RL

10.465.15

Vba32 AntiVirus

Virus.Win32.Qvod.a

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Generic

13512

ViRobot

Win32.Qvod.C[h]

2014.3.20.0

Zillya! Antivirus

Virus.Qvod.Win32.4

2.0.0.2418

File size:

1.3 MB (1,406,680 bytes)

Product version:

5.50.4134.600

Original file name:

WEXTRACT.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\msn\msncorefiles\install\msnsusii.exe

Digital Signature

Signed by:

Test Company

Authority:

Root Agency

Valid from:

4/5/2001 5:11:27 AM

Valid to:

1/1/2040 6:59:59 AM

Subject:

CN=Test Company

Issuer:

CN=Root Agency

Serial number:

B00160C2D80DAC824AC6A36808C3F360

File PE Metadata

Compilation timestamp:

6/7/2000 3:43:56 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.12

CTPH (ssdeep):

24576:gUR5kbjnCciOinOjLldsBjt8t2R8jpfZIg4mw6Ns/pZmBZOlnLyAuvTkM0XMXgP+:gGILDcO/fsBmLjRw6qpZmBZWyLaXMXW+

Entry address:

0x2891

Entry point:

85, DA, 70, 09, F7, C1, D8, 93, 2D, D7, 4B, 22, E5, 8A, EF, 41, 14, 7E, F6, C7, 9B, 25, 53, E2, 87, F5, 84, E6, 42, 0F, B7, F8, 81, EB, 0F, F7, 00, 00, 45, 86, E1, 11, C0, 81, FF, A8, 8F, 00, 00, 78, 09, C7, C3, EA, F9, 64, 3E, F6, C3, 4C, 11, C2, F3, E8, 00, 00, 00, 00, 5A, 48, 86, E8, 19, C5, 8D, 2D, 9A, 69, AB, 36, 87, C0, F6, C3, 0C, 81, D7, 2E, 04, 6B, D6, 81, C2, 16, 48, 14, 00, 81, FF, A0, EF, 00, 00, 73, 04, B1, B1, B7, 86, 0F, AF, C3, 87, C7, 80, D3, 0B, 28, EC, F3, C7, C5, 2E, 3D, 92, 15, 8D, 3D... 
[+]

Code size:

34 KB (34,816 bytes)

Remove msnsusii.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.