sysdiag-c10.exe

hrinst Module

HuoRongBoRui (Beijing) Technology Co.,Ltd

The executable sysdiag-c10.exe is flagged as malware by 6 of 68 anti-virus engines. AVG identifies it as Downloader.Rozena and reports that the installer downloads additional adware offers during setup.
Publisher:
Huorong Borui (Beijing) Technology Co., Ltd. (signed by HuoRongBoRui (Beijing) Technology Co.,Ltd)

Product:
hrinst Module

Version:
1, 0, 0, 3

MD5:
959583f3643eb19b8a6d9fe45bea3e20

SHA-1:
a009b02cc82410e4a1463da7b0f41d8bf3d65d94

SHA-256:
de0a5856a2e65417d642a6ef55569f6cbf8e440dd83fa280af86ddb57432873b

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
4/19/2024 11:46:17 PM UTC

Scan engine          Detection                              Engine version
AVG                  Downloader.Rozena                      2016.0.3119
IKARUS anti.virus    Trojan.Win32.Rozena                    t3scan.1.8.6.0
McAfee               Artemis!959583F3643E                   5600.6775
Norman               Downloader                             11.20150504
Vba32 AntiVirus      suspected of Trojan.Downloader.gen.h   3.12.26.3
VIPRE Antivirus      Trojan.Win32.Generic                   38008

Note: McAfee's Artemis!959583F3643E is a cloud reputation hit keyed on the first 12 hex digits of the file's MD5 (959583f3643e...), not a named signature; the remaining hits are generic downloader/trojan heuristics rather than a specific family match.

File size:
470.4 KB (481,680 bytes)

Product version:
1, 0, 0, 3

Copyright:
Copyright 2014

Original file name:
hrinst

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\application data\microsoft\windows\templates\sysdiag-c10.exe

Note: "Application Data" under C:\ProgramData is a compatibility junction that resolves to C:\ProgramData itself, so this path is effectively C:\ProgramData\Microsoft\Windows\Templates\sysdiag-c10.exe, a shared templates folder rather than a normal install location. An installer running from there is worth a second look on its own.

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/27/2013 8:00:00 AM

Valid to:
4/27/2014 7:59:59 AM

Subject:
CN="HuoRongBoRui (Beijing) Technology Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="HuoRongBoRui (Beijing) Technology Co.,Ltd", L=beijing, S=beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5D12E10CA5A1FC01A347E1427DFB9D86

File PE Metadata
Compilation timestamp:
3/10/2014 10:45:57 AM

Note: the compilation timestamp falls inside the signing certificate's validity window (3/27/2013 to 4/27/2014). That certificate has since expired; whether the Authenticode signature still validates depends on a trusted countersignature timestamp, which this report does not show. Verify it directly (for example with signtool verify /v /pa or Get-AuthenticodeSignature) rather than trusting the publisher name alone.

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:m7FP6e3TgZCjaNun+9v0ijun1CN/7GE5i863ERaSJ7Do7aniov7O3JZNTYd:2FB2cr34aw7k7aniov2rN0d

Entry address:
0x3C29A

Entry point:
E8, DD, 8F, 00, 00, E9, 79, FE, FF, FF, 68, 20, 65, 43, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 20, 8F, 45, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, 56, FF, 35, C8, 92, 45, 00, 8B, 35, 84, E1, 44, 00, FF, D6, 85, C0, 74, 21, A1, C4, 92, 45, 00...

Note: the leading E8 xx xx xx xx / E9 xx xx xx xx pair (a call followed by a jump) is the standard MSVC CRT startup stub (call __security_init_cookie, then jump to the CRT entry), consistent with the linker version 9.0 (Visual Studio 2008) listed above. That points to a normal, unpacked MSVC entry rather than a packer stub, which agrees with the moderate entropy below.

Entropy:
6.3840

Code size:
305.5 KB (312,832 bytes)
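The PE metadata fields in this report (compilation timestamp, linker version, OS version, subsystem, entry address, code size, entropy) all come straight from the COFF and optional headers, and a triage script can recover them from the bytes alone. The following is an added example, not code from the report or from Reason Core Security: a dependency-free PE header reader plus the byte-entropy and hash helpers a scan report keys on. It also reads the security data directory, which is where an embedded Authenticode signature lives, so the "signed" claim can be checked for presence before any full verification. The sample header is constructed inline with values chosen to mirror this report; it is not the bytes of sysdiag-c10.exe, and the hypothetical Authenticode offset and size in it are placeholders.

```python
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Pull the fields a scan report lists from the COFF and optional headers.

    Offsets follow the PE/COFF specification: the 20-byte COFF header sits
    right after the 4-byte "PE\\0\\0" signature, the optional header follows
    it, and the data directories start at +96 (PE32) or +112 (PE32+).
    """
    if data[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsections, tstamp, _, _, _opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic == PE32_MAGIC:
        bitness, dirs = "Win32", opt + 96
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == PE32PLUS_MAGIC:
        bitness, dirs = "Win64", opt + 112
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    size_of_code = struct.unpack_from("<I", data, opt + 4)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # The security directory locates the Authenticode blob (a file offset,
    # not an RVA); a zero size means the file carries no embedded signature.
    sec_offset, sec_size = struct.unpack_from(
        "<II", data, dirs + IMAGE_DIRECTORY_ENTRY_SECURITY * 8)
    return {
        "machine": machine,
        "bitness": bitness,
        "compile_time": datetime.fromtimestamp(tstamp, tz=timezone.utc).isoformat(),
        "linker_version": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "image_base": image_base,
        "entry_point": entry_rva,
        "size_of_code": size_of_code,
        "has_authenticode": sec_size > 0,
        "authenticode_offset": sec_offset,
    }


def shannon_entropy(data: bytes) -> float:
    """Byte entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 hex digests, the identifiers scan reports key on."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def build_sample_pe32_header() -> bytes:
    """Constructed sample: a bare PE32 header with no sections or code.

    Values mirror the report above; this is NOT sysdiag-c10.exe, and the
    security directory entry (offset 0x75000, size 0x1A00) is hypothetical.
    """
    dos = bytearray(64)
    dos[0:2] = IMAGE_DOS_SIGNATURE
    struct.pack_into("<I", dos, 0x3C, 64)                    # e_lfanew -> PE header
    # Machine i386, TimeDateStamp 2014-03-10 10:45:57 UTC, 224-byte optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 1394448357, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, PE32_MAGIC, 9, 0)       # linker 9.0
    struct.pack_into("<I", opt, 4, 312832)                   # SizeOfCode
    struct.pack_into("<I", opt, 16, 0x3C29A)                 # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                # ImageBase
    struct.pack_into("<HH", opt, 40, 5, 0)                   # OS version 5.0
    struct.pack_into("<H", opt, 68, 2)                       # Windows GUI subsystem
    struct.pack_into("<II", opt, 96 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8,
                     0x75000, 0x1A00)                        # hypothetical signature blob
    return bytes(dos) + IMAGE_NT_SIGNATURE + coff + bytes(opt)


if __name__ == "__main__":
    sample = build_sample_pe32_header()
    for key, value in parse_pe_header(sample).items():
        print(f"{key:>20}: {value}")
    print(f"{'entropy':>20}: {shannon_entropy(sample):.4f}")
    print(f"{'sha256':>20}: {file_hashes(sample)['sha256']}")
```

To run it over a real sample, pass the file's bytes to parse_pe_header, shannon_entropy and file_hashes and compare with the report: the hashes must match exactly, the compile time and linker version should agree, and has_authenticode only tells you a signature blob is present, not that it chains to a trusted root or was timestamped. Whole-file entropy around 6.4, as listed here, is typical of unpacked native code; values above roughly 7.2 usually mean a packed or encrypted payload.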

Source: Reason Core Security scan report.