smsss.exe

The executable smsss.exe has been detected as malware by 5 anti-virus scanners. While running, it connects to the Internet address hosting.vali.bg on port 25.
MD5: fd6e30f76652f4fa3a68585eea70dd71

SHA-1: 1b9f450999f855e0e94500730d79254160ffb23b

SHA-256: 7897a5e183403227da1349e21f96ee153579bf353505c1042389528d2c528ba0

Scanner detections: 5 / 68

Status: Malware

Analysis date: 5/8/2024 12:13:15 PM UTC

Scan engine              Detection                        Engine version
Bitdefender              Gen:Variant.Jaik.5961            1.0.20.210
Emsisoft Anti-Malware    Gen:Variant.Jaik.5961            8.15.02.11.12
ESET NOD32               Win32/Kryptik.CYAY (variant)     9.11160
G Data                   Gen:Variant.Jaik.5961            15.2.25
MicroWorld eScan         Gen:Variant.Jaik.5961            16.0.0.126

File size: 144 KB (147,456 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\appdata\local\temp\smsss.exe

File PE Metadata
Compilation timestamp: 4/18/2061 4:00:16 PM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 6.10

CTPH (ssdeep): 1536:sbXuRpWGjS+Xi5tYYW9Kn1YaFp+g4wd9iPqDEKSVO8BkphFg2gncde/A+:0uZXoVWQn1BpzBiPFK2fkMcdu

Entry address: 0x17200


Entropy: 6.3159

Developed / compiled with: Microsoft Visual C++

Code size: 112.5 KB (115,200 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (SMTP): Connects to pubweb.lwolf.com (65.110.168.202:25)
TCP (SMTP): Connects to mail.zuckergoldberg.com (209.191.10.93:25)
TCP (SMTP): Connects to IP-216-37-53-32.nframe.net (216.37.53.32:25)
TCP (SMTP): Connects to interramp.com (38.8.17.2:25)
TCP (SMTP): Connects to imu207.infomaniak.ch (84.16.80.62:25)
TCP (SMTP): Connects to hosting.vali.bg (212.91.184.22:25)
TCP: Connects to fr.de.coretek.ru (5.104.109.197:14007)
TCP (SMTP): Connects to cluster011.ovh.net (213.186.33.40:25)
