sstam.exe

The executable sstam.exe has been detected as malware by 25 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘e79fca9e700c8b0089d71ca144cb8508’. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other forms of malicious software, or to steal your sensitive information.
MD5:
53ee6579c5fd8cb5b01bb3f473204c0b

SHA-1:
5a23b62d54126c66937d2a8a98f9bc0d88dcfdf4

SHA-256:
7ddac5c13d76a9ffcfc137123ce0ba7dbb45aa510025cc837de1a11b762a4c46

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
4/18/2024 7:01:21 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Spy.Gen8 | 7.11.94.192 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-140722 |
| AVG | MSIL | 2015.0.3406 |
| Bitdefender | Trojan.Generic.KDZ.1629 | 1.0.20.1015 |
| Dr.Web | Win32.HLLW.Autoruner.25074 | 9.0.1.0203 |
| Emsisoft Anti-Malware | Trojan.Generic.KDZ.1629 | 8.14.07.22.02 |
| ESET NOD32 | MSIL/Bladabindi (variant) | 8.8645 |
| Fortinet FortiGate | MSIL/Agent.PPP!tr | 7/22/2014 |
| F-Prot | W32/MSIL_Bladabindi.A.gen | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.KDZ.1629 | 11.2014-22-07_3 |
| G Data | Trojan.Generic.KDZ.1629 | 14.7.22 |
| IKARUS anti.virus | Trojan.Msil | t3scan.2.0.3.0 |
| K7 AntiVirus | Riskware | 13.170.9164 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3525 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AA | 1.163.1557.0 |
| MicroWorld eScan | Trojan.Generic.KDZ.1629 | 15.0.0.609 |
| nProtect | Trojan/W32.Agent.44544.VQ | 13.08.04.03 |
| Panda Antivirus | Generic Malware | 14.07.22.02 |
| Rising Antivirus | Backdoor.Bot!4E4F | 23.00.65.14720 |
| Sophos | Mal/Bbindi-A | 4.91 |
| SUPERAntiSpyware | Trojan.Agent/Gen-MSIL | 10469 |
| Trend Micro House Call | TROJ_SPNR.06GD13 | 7.2.203 |
| Trend Micro | TROJ_SPNR.06GD13 | 10.465.22 |
| Vba32 AntiVirus | Trojan.MSIL.Disfa | 3.12.22.3 |
| VIPRE Antivirus | Trojan.MSIL.Bladabindi.be | 20136 |

File size:
43.5 KB (44,544 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\sstam.exe

File PE Metadata
Compilation timestamp:
6/5/2013 5:52:31 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:UjO6rB8yFUPoIS6KQvKr+9RTW26N5k1Y6H0jHv6qvtq14LMr12DMN5CX/HCCIPk6:oeR/RNcdWlyM4HCCGk

Entry address:
0xC50E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11...
 

Entropy:
5.5689

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
41.5 KB (42,496 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
e79fca9e700c8b0089d71ca144cb8508

Command:
"C:\ProgramData\sstam.exe"..

