SysDir.exe

SysApp

Microsoft

It runs as a scheduled task under the Windows Task Scheduler.
Publisher:
Microsoft

Product:
SysApp

Version:
3.5.4.0

MD5:
24a9e53b2b3554714864f5d20e51a8ea

SHA-1:
0e4b718895f62ef09728ec909256e47dea831a58

SHA-256:
0e4bb5374ef4804b65e637f6bca8090b6f0530f7498ee22c3c50d1d3bea7871c

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
5/11/2025 3:40:49 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | HackTool.MSIL.TBKeylogger | 4.0.3.131224 |
| Comodo Security | ApplicUnsaf.Win32.TBKeylogger.~A | 17623 |
| ESET NOD32 | MSIL/RiskWare.TBKeylogger (variant) | 7.9300 |

File size:
6.5 MB (6,776,320 bytes)

Product version:
3.5.4.0

Copyright:
Copyright © Microsoft 2011

Original file name:
SysDir.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\sysapp\sysdir.exe

File PE Metadata
Compilation timestamp:
9/6/2012 1:26:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:97s0zkGsPeWrSz4itGNvKqUeV6XZDFaJtqpeLBJ1hX+fLODYXbDzO:9/zCPeQ37UewXTaLqpeBJ1YaDYXfS

Entry address:
0x677A8E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.2014

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6.5 MB (6,773,760 bytes)

Scheduled Task
Task name:
{710807E7-2F5E-42B5-9621-223A89B03750}

Trigger:
Registration (Runs on registration)

