sykc278.exe

SilentInstaller

The application sykc278.exe has been detected as a potentially unwanted program by 29 anti-malware scanners. It is a setup and installation application, but the file is not signed with an Authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension platform; while the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address ju171.jupiter.fastwebserver.de on port 80 using the HTTP protocol.
Product:
SilentInstaller

Version:
1.0.0.1

MD5:
f93a64932782479a96b698b73feae2f1

SHA-1:
7aaff10902efd3741210800b1eefa63dc150b0d4

SHA-256:
6a4cbf2cdfeac818132a0039b2b15a5a6a35c88b7fb8ba5e9f36ba851fcbf758

Scanner detections:
29 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/23/2024 10:02:42 PM UTC

Scan engine           Detection                        Engine version
Lavasoft Ad-Aware     Trojan.GenericKD.2655393         501
Agnitum Outpost       Trojan.DR.MSIL                   7.1.1
Avira AntiVirus       TR/Dropper.MSIL.Gen              8.3.1.6
Arcabit               Trojan.Generic.D2884A1           1.0.0.527
avast!                Win32:Malware-gen                2014.9-150921
AVG                   MSIL8                            2016.0.2979
Bitdefender           Trojan.GenericKD.2655393         1.0.20.1320
Bkav FE               W32.KedtiN.Trojan                1.3.0.7133
Comodo Security       ApplicUnwnt                      23234
Dr.Web                Trojan.Crossrider1.48337         9.0.1.0264
ESET NOD32            MSIL/Adware.Imali (variant)      9.12250
Fortinet FortiGate    Adware/Agent                     9/21/2015
F-Secure              Trojan.GenericKD.2655393         11.2015-21-09_2
G Data                Trojan.GenericKD.2655393         15.9.25
herdProtect (fuzzy)   -                                2015.10.3.21
IKARUS anti.virus     AdWare.MSIL.Imali                t3scan.1.9.5.0
K7 AntiVirus          Adware                           13.210.17208
Kaspersky             not-a-virus:AdWare.MSIL.Agent    14.0.0.1392
McAfee                RDN/Generic.dx                   5600.6635
MicroWorld eScan      Trojan.GenericKD.2655393         16.0.0.792
NANO AntiVirus        Riskware.Win32.MLW.dvumpd        0.30.24.3283
nProtect              Trojan.GenericKD.2655393         15.09.14.01
Panda Antivirus       Trj/CI.A                         15.09.21.12
Qihoo 360 Security    HEUR/QVM03.0.Malware.Gen         1.0.0.1015
Sophos                Generic PUA HK (PUA)             4.98
SUPERAntiSpyware      Adware.Kazy/Variant              9616
Trend Micro           TROJ_GEN.R0EBC0PHT15             10.465.21
VIPRE Antivirus       Trojan.Win32.Generic             43748
Zillya! Antivirus     Adware.Agent.Win32.73264         2.0.0.2398

File size:
329 KB (336,896 bytes)

Product version:
1.0.0.1

Copyright:
Copyright © 2014

Original file name:
SilentInstaller_dotnet2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\sykc278.exe

File PE Metadata

Compilation timestamp:
8/18/2015 1:34:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:N1PrKbFZT8qbTR7SquD4L8vioH/X8i9DLnHWcefjVo8bS5Vghmek7LvyL:N1rKRZwgVxGq86oH/MKvnolgg4ek7js

Entry address:
0x530CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.8250

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
324.5 KB (332,288 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-1-45-42.compute-1.amazonaws.com  (52.1.45.42:80)

TCP (HTTP):
Connects to server-52-85-83-100.lax1.r.cloudfront.net  (52.85.83.100:80)

TCP (HTTP):
Connects to server-52-85-83-225.lax1.r.cloudfront.net  (52.85.83.225:80)

TCP (HTTP):
Connects to server-52-84-246-157.sfo20.r.cloudfront.net  (52.84.246.157:80)

TCP (HTTP):
Connects to server-52-84-246-100.sfo20.r.cloudfront.net  (52.84.246.100:80)

TCP (HTTP):
Connects to cnhk01.proinity.net  (209.58.185.108:80)

TCP (HTTP):
Connects to server-52-84-126-65.iad16.r.cloudfront.net  (52.84.126.65:80)

TCP (HTTP):
Connects to ju171.jupiter.fastwebserver.de  (89.163.148.171:80)

TCP (HTTP):
Connects to brsp01.proinity.net  (169.57.142.124:80)

TCP (HTTP):
Connects to server-54-192-29-152.dub2.r.cloudfront.net  (54.192.29.152:80)

TCP (HTTP):
Connects to server-54-192-203-99.fra50.r.cloudfront.net  (54.192.203.99:80)

TCP (HTTP):
Connects to server-54-192-203-33.fra50.r.cloudfront.net  (54.192.203.33:80)

TCP (HTTP):
Connects to server-52-84-230-7.sfo9.r.cloudfront.net  (52.84.230.7:80)
