sysanalyzer_setup.exe

The executable sysanalyzer_setup.exe, "SysAnalyzer Setup", was flagged by 23 of the 68 anti-virus scanners listed below. The file is an Inno Setup installer and carries no Authenticode signature from a trusted publisher, so its origin cannot be verified from the binary itself. It has been seen being downloaded from sandsprite.com. The detections are predominantly generic and heuristic verdicts rather than named malware families, and the "Malware" status reflects the detection count rather than any confirmed malicious behaviour; before treating the file as malicious, compare its hashes against those published by the distributor and check whether the installer's extracted payload is itself flagged.
Description:
SysAnalyzer Setup

MD5:
6410afd83cdab0014cb94612cc257407

SHA-1:
431613316c862f400bf64ffaa6c37678c6dedaec

SHA-256:
20c7c93b86628a3db8e06aeb1025175543b79fe976f133bb67c9ed1600744274

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
9/25/2018 10:24:18 PM UTC

Scan engine              Detection                          Engine version
Agnitum Outpost          Trojan.Genome                      7.1.1
Avira AntiVirus          TR/Dropper.Gen                     7.11.152.70
avast!                   Win32:Malware-gen                  2014.9-140601
AVG                      Worm/VB                            2015.0.3457
Baidu Antivirus          Trojan.Win32.IDefense              4.0.3.1461
Commtouch SDK            W32/Trojan.AYJN-4111               5.4.1.7
Comodo Security          UnclassifiedMalware                18393
Dr.Web                   DLOADER.Trojan                     9.0.1.0152
ESET NOD32               Win32/IDefense                     8.9875
Fortinet FortiGate       Riskware/IDefense                  6/1/2014
F-Prot                   W32/VBTrojan.19F1                  v6.4.7.1.166
G Data                   Win32.Trojan.Agent.02RPHR          14.6.24
IKARUS anti.virus        Trojan.Win32.Agent                 t3scan.1.6.1.0
K7 AntiVirus             Trojan                             13.178.12257
K7 Gateway Antivirus     Trojan                             13.178.12257
Kingsoft AntiVirus       Win32.Troj.Generic.a.(kcloud)      331020.49267
McAfee                   Artemis!6410AFD83CDA               5600.7113
McAfee Web Gateway       Artemis!6410AFD83CDA               7.7113
NANO AntiVirus           Trojan.Win32.IDefense.cwywqf       0.28.0.59921
Norman                   Suspicious_Gen2.VTUG               11.20140601
Trend Micro House Call   TROJ_GEN.R0CBB01DM14               7.2.152
Vba32 AntiVirus          Worm.Qvod                          3.12.26.0
VIPRE Antivirus          Trojan.Win32.Generic               29802

Note on the detection names: Artemis! is McAfee's cloud-reputation verdict and its suffix is simply the first 12 hex digits of the file's MD5 above; Win32:Malware-gen, Trojan.Win32.Generic, Suspicious_Gen2, UnclassifiedMalware and the bare "Trojan" entries are catch-all heuristic classes, and the Worm/VB, Worm.Qvod and DLOADER.Trojan names disagree with one another about what the file would be. Four engines (Baidu, ESET, Fortinet, NANO) name the detection after IDefense, and Fortinet classifies it as Riskware rather than as a trojan. Several engine versions listed (avast!, Fortinet, Norman) date from June 2014, so these verdicts come from signature sets much older than the 2018 analysis date.

File size:
2.8 MB (2,960,941 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\sysanalyzer_setup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 7:22:17 AM (this is the fixed TimeDateStamp 0x2A425E19 that the Borland/Delphi linker writes into every binary, 19 June 1992 22:22:17 UTC, shown here in local time; Inno Setup is built with Delphi, so the value says nothing about when this installer was actually built)

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25 (Borland/Delphi linker; together with the OS version of 1.0 above, this is the usual fingerprint of a Delphi-built executable such as the Inno Setup bootstrapper)

CTPH (ssdeep):
49152:Z2/5TP/GZx+EuxPVI0zHBel45AaWyPbM6YyL7tisw2Hn9LEze36bDzMMk:M0r9MVI+HBUYAaDPbrliV6RIe3iQL

Entry address:
0x9A54

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 72, 96, FF, FF, E8, 79, A8, FF, FF, E8, A4, CA, FF, FF, E8, EB, CA, FF, FF, E8, 12, F3, FF, FF, E8, 79, F4, FF, FF, 33, C0, 55, 68, 02, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, CB, A0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 06, FA, FF, FF, 8D, 55, F0, 33, C0, E8, B0, D0, FF, FF, 8B, 55, F0, B8, E4, CD, 40, 00, E8, 23, 97, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E4, CD, 40, 00, B2, 01, B8...
(The opening bytes are the standard Delphi program prologue: push ebp; mov ebp, esp; add esp, -0x3C; push ebx; push esi; push edi; xor eax, eax; followed by calls into the Delphi runtime initialisation.)

Entropy:
7.9971 (close to the 8.0 maximum; expected for an installer whose compressed payload makes up nearly the whole file, so the high entropy reflects Inno Setup's own compression rather than a packer added for evasion)

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36.5 KB (37,376 bytes)
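The hashes, entropy and PE header fields in this report can be reproduced locally, which is the practical check to run before trusting or discarding a file on the strength of generic detections. The following Python script is an added example written for this page, not tooling from Reason Core Security or from the SysAnalyzer project: it computes MD5, SHA-1 and SHA-256 and compares them with the values listed above, computes Shannon entropy, and parses the COFF and PE32 optional headers by offset (no third-party library) to recover the timestamp, linker version, OS version, subsystem, entry point and code size, flagging the fixed Delphi linker timestamp. The minimal PE header it builds for demonstration is constructed for the example and populated with the values from this report; the function and constant names are the example's own.

```python
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Hashes listed in the report above for sysanalyzer_setup.exe.
REPORTED_HASHES = {
    "md5": "6410afd83cdab0014cb94612cc257407",
    "sha1": "431613316c862f400bf64ffaa6c37678c6dedaec",
    "sha256": "20c7c93b86628a3db8e06aeb1025175543b79fe976f133bb67c9ed1600744274",
}

# Fixed TimeDateStamp written by the Borland/Delphi linker:
# 0x2A425E19 == 1992-06-19 22:22:17 UTC. A Delphi-built binary (including the
# Inno Setup bootstrapper) carries it regardless of when it was really built.
DELPHI_FIXED_TIMESTAMP = 0x2A425E19

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the whole file, lower-case hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_reported(data: bytes, reported: dict = REPORTED_HASHES) -> bool:
    """True only if every reported digest matches the file's own."""
    actual = file_hashes(data)
    return all(actual[algo] == digest.lower() for algo, digest in reported.items())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, from 0.0 (constant) to 8.0 (uniform). Values near 8.0
    are typical of compressed or encrypted content such as an installer payload."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_header_fields(data: bytes) -> dict:
    """Parse IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER32 by documented offsets."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER, 20 bytes
    machine, _nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER32
    magic, linker_major, linker_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("not a PE32 optional header: magic 0x%X" % magic)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": machine,
        "timestamp": timestamp,
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "delphi_fixed_timestamp": timestamp == DELPHI_FIXED_TIMESTAMP,
        "linker_version": "%d.%d" % (linker_major, linker_minor),
        "os_version": "%d.%d" % (os_major, os_minor),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "size_of_code": size_of_code,
    }


def build_sample_pe_header() -> bytes:
    """Constructed minimal PE32 header (no sections) carrying the values this
    report lists; it exists only so the parser can be exercised offline."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, DELPHI_FIXED_TIMESTAMP, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 2, 25, 37376)             # PE32, linker 2.25, code size
    struct.pack_into("<I", opt, 16, 0x9A54)                            # entry point RVA
    struct.pack_into("<HH", opt, 40, 1, 0)                             # OS version 1.0
    struct.pack_into("<H", opt, 68, 2)                                 # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return dos + b"PE\0\0" + coff + bytes(opt)


def triage(data: bytes) -> dict:
    """Everything worth comparing against an automated report like this one."""
    return {
        "hashes": file_hashes(data),
        "hashes_match_report": matches_reported(data),
        "entropy": round(shannon_entropy(data), 4),
        "header": pe_header_fields(data),
    }


if __name__ == "__main__":
    import sys
    # Pass a real file path to triage it; with no argument the constructed header is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe_header()
    for key, value in triage(blob).items():
        print("%-20s %s" % (key, value))
```

Run it against a downloaded copy of the installer: a hash mismatch means the copy is not the file this report describes, `delphi_fixed_timestamp` being true confirms the 1992 date is a linker artefact, and an entropy near 8.0 on an Inno Setup file is the compressed payload, not evidence of evasion.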

The file sysanalyzer_setup.exe has been seen being distributed from sandsprite.com.