MSRSAAP.EXE

Remote Service Application

Microsoft Corp.

The executable MSRSAAP.EXE has been detected as malware by 35 anti-virus scanners. The file has been seen being downloaded from ddtony.free.fr.
Publisher:
Microsoft Corp.

Product:
Remote Service Application

Version:
1, 0, 0, 1

MD5:
44e02a2b0d659d5304d69a4b4b2ddad9

SHA-1:
6b306e1b7996a339e082507f85fb1d5f59355bd3

SHA-256:
387b8b56cc3ad00322cd1b2e0de2fccd940950abfb9972b8bc7475caa274354c

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
6/29/2022 6:19:02 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Backdoor.Finlosky.Gen
7.1.1

AhnLab V3 Security
Backdoor/Win32.Graybird
2013.07.19

Avira AntiVirus
BDS/Backdoor.Gen
7.11.91.56

avast!
Win32:Flooder-GR [Trj]
2014.9-130829

AVG
BackDoor.Generic15
2014.0.3543

Bitdefender
Backdoor.SpyBot.DMW
1.0.20.1205

Comodo Security
TrojWare.Win32.Amtar.dk3
16612

Dr.Web
Trojan.Inject.62531
9.0.1.0241

Emsisoft Anti-Malware
Backdoor.Win32.DarkKomet
8.13.08.29.06

ESET NOD32
Win32/Fynloski.AA
7.8584

Fortinet FortiGate
W32/Delf.ABL!tr
8/29/2013

F-Prot
W32/Downloader.C.gen
v6.4.7.1.166

F-Secure
Backdoor.SpyBot.DMW
11.2013-29-08_5

G Data
Backdoor.SpyBot.DMW
13.8.22

IKARUS anti.virus
Trojan.Win32.CDur
t3scan.2.0.3.0

K7 AntiVirus
Backdoor
13.170.9046

Kaspersky
Backdoor.Win32.DarkKomet
14.0.0.3810

Malwarebytes
Backdoor.Agent.DCRSAGen
v2013.08.29.06

McAfee
Generic BackDoor.xa
5600.7181

Microsoft Security Essentials
VirTool:Win32/DelfInject.gen!BI
1.163.1557.0

NANO AntiVirus
Trojan.Win32.Finlosky.rqwlv
0.24.0.53571

Norman
Delf.GFRN
11.20130829

nProtect
Backdoor/W32.Finlosky.761856
13.07.19.03

Panda Antivirus
Generic Backdoor
13.08.29.06

Quick Heal
Backdoor.Finlosky.B4
8.13.12.00

Reason Heuristics
Unnamed.Threat.100
14.3.1.0

Rising Antivirus
Backdoor.Win32.Finlosky.a
23.00.65.13827

Sophos
Mal/Behav-058
4.91

SUPERAntiSpyware
Trojan.Agent/Gen-Fynloski
10708

Total Defense
Win32/Krademok.A
37.0.10498

Trend Micro House Call
TROJ_FYNLOSKI_0000000.TOMA
7.2.241

Trend Micro
TROJ_FYNLOSKI_0000000.TOMA
10.465.29

Vba32 AntiVirus
Backdoor.Finlosky
3.12.22.2

VIPRE Antivirus
Backdoor.Win32.Fynloski.A
19696

ViRobot
Backdoor.Win32.A.Finlosky.762368.A
2011.4.7.4223

File size:
744 KB (761,856 bytes)

Product version:
4, 0, 0, 0

Copyright:
Copyright (C) 1999

Original file name:
MSRSAAP.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\msrsaap.exe

File PE Metadata
Compilation timestamp:
1/15/2012 8:49:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:+8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixKnk:LUKoN0bUxgGa/pfBHDb+y1HgZek

Entry address:
0x8C87C

Entry point:
55, 8B, EC, B9, 28, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, AC, B9, 48, 00, E8, 10, AE, F7, FF, 33, C0, 55, 68, 33, D6, 48, 00, 64, FF, 30, 64, 89, 20, 6A, 00, E8, A7, 36, F8, FF, A1, 8C, 13, 49, 00, C6, 00, 01, E8, 2E, BA, FF, FF, B2, 01, A1, FC, B3, 48, 00, E8, CA, EB, FF, FF, 8B, D8, 8D, 4D, EC, BA, 4C, D6, 48, 00, 8B, C3, E8, 71, EC, FF, FF, 8B, 55, EC, A1, A8, 12, 49, 00, E8, A0, 8C, F7, FF, 8D, 4D, E8, BA, 58, D6, 48, 00, 8B, C3, E8, 55, EC, FF, FF, 8B, 55, E8, A1, 1C, 17, 49, 00, E8...
 
[+]

Entropy:
6.5050

Code size:
562.5 KB (576,000 bytes)

The file MSRSAAP.EXE has been seen being distributed by the following URL.

Remove MSRSAAP.EXE - Powered by Reason Core Security