» msnsusii.exe
Overview
Analysis
File Details

msnsusii.exe

Microsoft Windows 2000 Operating System

Test Company

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application msnsusii.exe, “Win32 Cabinet Self-Extractor ” by Test Company has been detected as a potentially unwanted program by 39 anti-malware scanners.

File name:

msnsusii.exe

Publisher:

Microsoft Corporation (signed by Test Company)

Product:

Microsoft(R) Windows (R) 2000 Operating System

Description:

Win32 Cabinet Self-Extractor

Version:

5.50.4134.600

MD5:

926be8ffef3a49bc26f5140aab8e448a

SHA-1:

b736ef0c87a7dbe70baf33ed1ea82425fdbf9d11

Scanner detections:

39 / 68

Status:

Potentially unwanted

Analysis date:

4/18/2024 6:08:25 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Viking.AZ

360

Agnitum Outpost

Win32.Jadtre.Gen

7.1.1

AhnLab V3 Security

Win32/Kashu.E

2015.08.11

Avira AntiVirus

TR/Patched.Gen

7.11.30.172

avast!

Sality

2014.9-160210

AVG

Win32/Agent

2017.0.2838

Baidu Antivirus

Virus.Win32.Qvod.$a

4.0.3.16210

Bitdefender

Win32.Viking.AZ

1.0.20.205

Bkav FE

W32.Cloda49.Trojan

1.3.0.4613

Clam AntiVirus

Virus.Qvod

0.98/20941

Comodo Security

Virus.Win32.Qvod.~Gen

23316

Dr.Web

Trojan.Starter.1410

9.0.1.041

Emsisoft Anti-Malware

Win32.Viking.AZ

8.16.02.10.10

ESET NOD32

Win32/Wapomi.A virus

10.7.0.302.0

Fortinet FortiGate

W32/Krypt.C!tr.bdr

2/10/2016

F-Prot

W32/Pikor.A

v6.4.6.5.141

F-Secure

Win32.Viking.AZ

11.2016-10-02_4

G Data

Win32:Sality

16.2.22

IKARUS anti.virus

Email-Worm.Win32.Runouce

t3scan.1.1.84.0

K7 AntiVirus

Virus

13.207.16840

Kaspersky

Virus.Win32.Qvod

14.0.0.683

McAfee

Virus.W32/Fujacks.be

5600.6494

Microsoft Security Essentials

Threat.Undefined

1.203.2586.0

MicroWorld eScan

Win32.Viking.AZ

17.0.0.123

NANO AntiVirus

Trojan.Win32.MulDrop2.ueccs

0.30.24.2487

Norman

Win32.Viking.AZ

11.20160210

nProtect

Win32.Viking.AZ

15.09.25.01

Panda Antivirus

W32/Bototer.B

16.02.10.10

Quick Heal

W32.Pikroms.A

2.16.14.00

Reason Heuristics

PUP.TestCompany (M)

16.2.10.10

Rising Antivirus

PE:Win32.KUKU.kt!1591113

23.00.65.16208

Sophos

Virus 'W32/Jadtre-B'

5.15

Total Defense

Win32/Wapomi.A

37.1.62.1

Trend Micro House Call

TROJ_GEN.R1CH1C8

7.2.41

Trend Micro

PE_SALITY.RL

10.465.10

Vba32 AntiVirus

Virus.Win32.Qvod.a

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Generic

13512

ViRobot

Win32.Qvod.C[h]

2014.3.20.0

Zillya! Antivirus

Virus.Qvod.Win32.4

2.0.0.2418

File size:

1.3 MB (1,398,488 bytes)

Product version:

5.50.4134.600

Original file name:

WEXTRACT.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\msn\msncorefiles\install\msnsusii.exe

Digital Signature

Signed by:

Test Company

Authority:

Root Agency

Valid from:

4/5/2001 3:41:27 AM

Valid to:

1/1/2040 5:29:59 AM

Subject:

CN=Test Company

Issuer:

CN=Root Agency

Serial number:

B00160C2D80DAC824AC6A36808C3F360

File PE Metadata

Compilation timestamp:

6/7/2000 2:13:56 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.12

CTPH (ssdeep):

24576:TUR5kbjnCciOinOjLldsBjt8t2R8jpfZIg4mw6Ns/pZmBZOlnLyAuvTkM0XMXgP4:TGILDcO/fsBmLjRw6qpZmBZWyLaXMXW4

Entry address:

0x2891

Entry point:

78, 05, BA, CA, 2A, 9C, 1D, 0F, AF, FD, 8D, 0D, 34, C7, 44, AE, 69, C6, 74, 4D, 44, B9, 76, 02, 24, B8, 0F, AF, D1, 8A, CA, 0F, AF, F9, 69, C2, 85, AF, D9, E3, 76, 03, 0F, AF, EB, E8, 00, 00, 00, 00, 34, 6C, 89, CE, 0D, 91, 60, B3, A9, FE, C0, 85, DD, 70, 02, 1A, D8, 2B, ED, 8B, FF, BD, 53, 3D, 09, 00, 47, 1B, DD, 80, CF, EC, 81, F5, 0F, AA, 09, 00, 5E, 8A, CE, FE, C8, 69, DD, 78, 81, EC, 95, 09, EB, 47, F2, 8A, CE, 85, C8, 2D, 03, A0, FE, 9E, 41, 81, FB, B1, E2, 00, 00, 88, FF, 0F, AF, EE, 68, B6, 9F, 16... 
[+]

Entropy:

7.9668 (probably packed)

Code size:

34 KB (34,816 bytes)

Remove msnsusii.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.