syscheck.exe

KEYDOWNLOAD LTD

The application syscheck.exe by KEYDOWNLOAD has been detected as adware by 2 anti-malware scanners. This file is typically installed with the program KeyPlayr by KeyDownload, which is a potentially unwanted software program. While running, it connects to the Internet address 106.147.96.66.static.eigbox.net on port 80 using the HTTP protocol.
Publisher:
KeyDownload  (signed by KEYDOWNLOAD LTD)

Description:
System check

Version:
1.0.1.9

MD5:
d5316f64948b0a12051f1a3cae008efa

SHA-1:
c55587873f15bc114fb15fe07fc3332255537f91

SHA-256:
19ab4006963b4a9591a83f4df1dcc8a011bbdfcdf60581b005d0ae58ed932b46

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/19/2024 12:21:00 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.KEYDOWNLOAD.I | 14.8.7.19
VIPRE Antivirus | Adware.KeyDownload | 29286

File size:
426.7 KB (436,944 bytes)

Product version:
1.0.1.9

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\keydownload\keyplayr\syscheck.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/12/2013 8:00:00 PM

Valid to:
10/23/2014 7:59:59 PM

Subject:
CN=KEYDOWNLOAD LTD, O=KEYDOWNLOAD LTD, L=Tel Aviv- Jaffa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
301A0B08CC22C86BC31C6BBC010D3E91

File PE Metadata
Compilation timestamp:
5/10/2014 9:06:55 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:r4wszRYoGkJvq7Lfut+kXUll3V0RL8aXv5I158X72el+1aXv5I158X72el+yxk:r4fzeHfgv038dXuo7fdXuo7fDk

Entry address:
0xD687

Entry point:
E8, E4, 7E, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 77, 6F, 53, 57, A1, 5C, 00, 43, 00, 85, C0, 75, 1D, E8, 5A, 56, 00, 00, 6A, 1E, E8, B0, 56, 00, 00, 68, FF, 00, 00, 00, E8, 77, 5A, 00, 00, A1, 5C, 00, 43, 00, 59, 59, 85, F6, 74, 04, 8B, CE, EB, 03, 33, C9, 41, 51, 6A, 00, 50, FF, 15, B8, 40, 42, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5B, 39, 05, F0, 09, 43, 00, 74, 0D, 56, E8, 8E, 55, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 0B, 2F, 00, 00, 89, 18, E8, 04, 2F, 00, 00, 89, 18, 8B...
 

Entropy:
6.1857

Code size:
137.5 KB (140,800 bytes)

The file syscheck.exe has been discovered within the following program.

KeyPlayr  by KeyDownload
This adware injects advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, in-text ads and links, transitional, interstitial and full page ads.
www.KeyDownload.com
83% remove it
 

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 106.147.96.66.static.eigbox.net  (66.96.147.106:80)
