» msnsusii.exe
Overview
Analysis
File Details

msnsusii.exe

Microsoft Windows 2000 Operating System

Test Company

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application msnsusii.exe, “Win32 Cabinet Self-Extractor ” by Test Company has been detected as a potentially unwanted program by 39 anti-malware scanners.

File name:

msnsusii.exe

Publisher:

Microsoft Corporation (signed by Test Company)

Product:

Microsoft(R) Windows (R) 2000 Operating System

Description:

Win32 Cabinet Self-Extractor

Version:

5.50.4134.600

MD5:

3fa09e0810aed2e5441587fbed725d40

SHA-1:

cb411eed914c2c821248208688b56f7a00db458a

Scanner detections:

39 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 1:57:16 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Viking.AZ

354

Agnitum Outpost

Win32.Jadtre.Gen

7.1.1

AhnLab V3 Security

Win32/Kashu.E

2015.08.11

Avira AntiVirus

TR/Patched.Gen

7.11.30.172

avast!

Sality

2014.9-160215

AVG

Win32/Agent

2017.0.2832

Baidu Antivirus

Virus.Win32.Qvod.$a

4.0.3.16215

Bitdefender

Win32.Viking.AZ

1.0.20.230

Bkav FE

W32.Cloda49.Trojan

1.3.0.4613

Clam AntiVirus

Virus.Qvod

0.98/20941

Comodo Security

Virus.Win32.Qvod.~Gen

23316

Dr.Web

Trojan.Starter.1410

9.0.1.046

Emsisoft Anti-Malware

Win32.Viking.AZ

8.16.02.15.01

ESET NOD32

Win32/Wapomi.A virus

10.7.0.302.0

Fortinet FortiGate

W32/Krypt.C!tr.bdr

2/15/2016

F-Prot

W32/Pikor.A

v6.4.6.5.141

F-Secure

Win32.Viking.AZ

11.2016-15-02_2

G Data

Win32:Sality

16.2.22

IKARUS anti.virus

Email-Worm.Win32.Runouce

t3scan.1.1.84.0

K7 AntiVirus

Virus

13.207.16840

Kaspersky

Virus.Win32.Qvod

14.0.0.657

McAfee

Virus.W32/Fujacks.be

5600.6488

Microsoft Security Essentials

Threat.Undefined

1.203.2586.0

MicroWorld eScan

Win32.Viking.AZ

17.0.0.138

NANO AntiVirus

Trojan.Win32.MulDrop2.ueccs

0.30.24.2487

Norman

Win32.Viking.AZ

11.20160215

nProtect

Win32.Viking.AZ

15.09.25.01

Panda Antivirus

W32/Bototer.B

16.02.15.01

Quick Heal

W32.Pikroms.A

2.16.14.00

Reason Heuristics

PUP.TestCompany (M)

16.2.15.13

Rising Antivirus

PE:Win32.KUKU.kt!1591113

23.00.65.16213

Sophos

Virus 'W32/Jadtre-B'

5.15

Total Defense

Win32/Wapomi.A

37.1.62.1

Trend Micro House Call

TROJ_GEN.R1CH1C8

7.2.46

Trend Micro

PE_SALITY.RL

10.465.15

Vba32 AntiVirus

Virus.Win32.Qvod.a

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Generic

13512

ViRobot

Win32.Qvod.C[h]

2014.3.20.0

Zillya! Antivirus

Virus.Qvod.Win32.4

2.0.0.2418

File size:

1.3 MB (1,406,680 bytes)

Product version:

5.50.4134.600

Original file name:

WEXTRACT.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\msn\msncorefiles\install\msnsusii.exe

Digital Signature

Signed by:

Test Company

Authority:

Root Agency

Valid from:

4/5/2001 12:11:27 AM

Valid to:

1/1/2040 1:59:59 AM

Subject:

CN=Test Company

Issuer:

CN=Root Agency

Serial number:

B00160C2D80DAC824AC6A36808C3F360

File PE Metadata

Compilation timestamp:

6/6/2000 11:43:56 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.12

CTPH (ssdeep):

24576:QUR5kbjnCciOinOjLldsBjt8t2R8jpfZIg4mw6Ns/pZmBZOlnLyAuvTkM0XMXgPT:QGILDcO/fsBmLjRw6qpZmBZWyLaXMXWT

Entry address:

0x2891

Entry point:

60, FF, CF, 76, 0A, B7, F0, 0A, E1, F7, C6, 3A, 47, C9, 01, 73, 02, 08, E6, 68, BD, F8, B1, 00, 68, 07, FC, FD, 00, 71, 08, B7, 6B, F7, C1, 86, A2, 9A, 03, 0F, BE, D3, 0F, B7, CF, 8A, DF, 84, DE, E8, 3B, 00, 00, 00, 85, C0, 81, FB, E8, 32, 00, 00, 74, 0B, 69, D8, B0, EB, CF, 68, B6, 13, 0F, BF, F0, 3B, C2, 78, 0B, 0F, AF, E8, 69, E9, 54, 6D, C7, 95, 89, C0, 81, C7, 04, D2, F2, FF, BA, 7C, 9A, 02, 6E, 8D, 1D, 7E, 96, 06, A3, 81, C7, 4B, EA, 0D, 00, 5A, 0F, AF, F0, 0F, AF, EA, 8A, EA, F2, 0F, AF, EB, 8D, 2D... 
[+]

Entropy:

7.9667 (probably packed)

Code size:

34 KB (34,816 bytes)

Remove msnsusii.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.