» sin.exe
Overview
Analysis
File Details

sin.exe

Microsoft Windows Operating System

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The executable sin.exe, “System Tray Aplet” has been detected as malware by 39 anti-virus scanners.

File name:

sin.exe

Publisher:

Microsoft Corporation* (Invalid match)

Product:

Microsoft(R) Windows(R) Operating System

Description:

System Tray Aplet

Version:

4.10.222.0

MD5:

f56364054f6805a9897899def8c9264a

SHA-1:

33611574cb03c378e0c9e19dfb5dd1a3b6038483

SHA-256:

95a6983a97ac079fddf62b5cad7a7a373978b532f47ca6ba4717a7ef49525bf3

Scanner detections:

39 / 68

Status:

Malware

Analysis date:

4/26/2024 7:06:59 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Trojan.Heur.pmKfrWdNMngi

833

Agnitum Outpost

Backdoor.SubSeven

7.1.1

AhnLab V3 Security

Win-Trojan/SubSeven.Sin_v22

2014.09.23

Avira AntiVirus

BDS/Sub7-22.A.01

7.11.173.230

avast!

Win32:SubSeven-J [Trj]

2014.9-141025

AVG

BackDoor.Subseven

2015.0.3311

Baidu Antivirus

Backdoor.Win32.SubSeven

4.0.3.141025

Bitdefender

Gen:Trojan.Heur.pmKfrWdNMngi

1.0.20.1490

Bkav FE

W32.Clod3cc.Trojan

1.3.0.4959

Clam AntiVirus

Trojan.Sub7.Sin

0.98/21411

Comodo Security

Backdoor.Win32.SubSeven.2_2.A

19589

Dr.Web

BackDoor.SubSeven.22

9.0.1.0298

Emsisoft Anti-Malware

Gen:Trojan.Heur.pmKfrWdNMngi

8.14.10.25.09

ESET NOD32

Win32/SubSeven.2_2

8.10450

Fortinet FortiGate

W32/SubSeven.fam!tr

10/25/2014

F-Prot

W32/SubSeven.backdoor.v22a

v6.4.7.1.166

F-Secure

Gen:Trojan.Heur.pmKfrWdNMngi

11.2014-25-10_7

G Data

Gen:Trojan.Heur.pmKfrWdNMngi

14.10.24

IKARUS anti.virus

Backdoor.Win32.SubSeven

t3scan.1.7.8.0

K7 AntiVirus

Riskware

13.183.13451

Kaspersky

Backdoor.Win32.SubSeven.22

14.0.0.3048

Malwarebytes

Trojan.FakeMS.ED

v2014.10.25.09

McAfee

BackDoor-Sub7.cli

5600.6967

Microsoft Security Essentials

Backdoor:Win32/Subseven.A

1.11005

MicroWorld eScan

Gen:Trojan.Heur.pmKfrWdNMngi

15.0.0.894

NANO AntiVirus

Trojan.Win32.SubSeven.gazd

0.28.2.62286

Norman

SubSeven.2_2

11.20141025

nProtect

Backdoor/W32.SubSeven.250880.B

14.09.22.01

Panda Antivirus

Backdoor Program.LC

14.10.25.09

Qihoo 360 Security

Win32/Backdoor.a13

1.0.0.1015

Rising Antivirus

PE:Backdoor.SubSeven.dc!1074101428

23.00.65.141023

Sophos

Troj/Sub7-2.2

4.98

Total Defense

Win32/SubSeven!utility

37.0.11195

Trend Micro House Call

BKDR_SUBSEVEN.A

7.2.298

Trend Micro

BKDR_SUBSEVEN.A

10.465.25

Vba32 AntiVirus

Win32.SubSeven.2_2

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

33356

ViRobot

Backdoor.Win32.Subseven.250880

2011.4.7.4223

Zillya! Antivirus

Backdoor.SubSeven.Win32.24

2.0.0.1929

File size:

245 KB (250,880 bytes)

Product version:

4.10.2222

Original file name:

SYSTRAY.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\sin.exe

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

6144:yDCT8hWIZj7p41sUNDGmIlrFXHgvEZzc:yIMZR413imIlrF3Cm

Entry address:

0xAF950

Entry point:

60, BE, 00, 50, 47, 00, 8D, BE, 00, C0, F8, FF, C7, 87, D0, 04, 09, 00, AC, D8, 37, 55, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07... 
[+]

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:

236 KB (241,664 bytes)

Remove sin.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.