SysDir.exe

SysApp

The executable SysDir.exe is flagged as malware by 4 of 68 anti-virus scanners; two of the detections (ESET, McAfee) classify it as a keylogger. It is a 32-bit .NET GUI application whose claimed publisher, Microsoft, does not verify. While running, it connects to wsw40.surf-town.net (212.97.133.140) on TCP port 80 using HTTP.
Publisher:
Microsoft*  (Invalid match: the claimed publisher could not be verified, so the Microsoft copyright and version strings below should not be trusted)

Product:
SysApp

Version:
3.5.4.0

MD5:
f7a78a3bd558d96075c49a1c4e681e71

SHA-1:
bd51149525b2579f3eff4abcc02691a04f43eff1

SHA-256:
e2e8e656ce43aaec792a6f0fc01ae87416259556fd2c3e49830454ca163a8a79

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
4/19/2024 6:00:44 AM UTC

Scan engine        Detection                               Engine version
Comodo Security    UnclassifiedMalware                     17074
ESET NOD32         MSIL/RiskWare.TBKeylogger (variant)     8.8892
McAfee             Keylog-Best                             5600.7034
VIPRE Antivirus    Trojan.Win32.Generic                    22208

File size:
6.4 MB (6,758,400 bytes)

Product version:
3.5.4.0

Copyright:
Copyright © Microsoft 2011

Original file name:
SysDir.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\sysapp\sysdir.exe

File PE Metadata
Compilation timestamp:
8/23/2012 4:32:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:mXhUv7s0zkGsPeWrSz4itGNvKqUeV6XZDFaJtqpeLBJ1hX+fLODYXbDz:mxUv/zCPeQ37UewXTaLqpeBJ1YaDYXf

Entry address:
0x67352E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

The first six bytes, FF 25 00 20 40 00, decode to jmp dword ptr [0x402000]: the standard native entry stub of a 32-bit .NET executable, which jumps through an import-table slot to mscoree!_CorExeMain. The trailing zeros are padding, not code; the managed entry point lives in the CLR metadata, not at this address.

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6.4 MB (6,755,840 bytes)

The file has been observed making the following network connection in live environments.

TCP (HTTP):
Connects to wsw40.surf-town.net  (212.97.133.140:80)
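The following Python script is an added triage example and is not part of this report or of Reason Core Security's tooling. It decodes the entry-point bytes listed above into the indirect jump target of the .NET stub, and matches the report's indicators (the three hashes, the common path, the contact host and its IP) against host and network records. The records in SAMPLE_RECORDS are constructed for the example, their field names (endpoint, path, dns_query, dst_ip) are hypothetical, and the image base of 0x400000 used to turn the jump target into an RVA is an assumption, since the report does not state it.

```python
import hashlib
import struct

# Indicators transcribed from the report above.
IOCS = {
    "md5": "f7a78a3bd558d96075c49a1c4e681e71",
    "sha1": "bd51149525b2579f3eff4abcc02691a04f43eff1",
    "sha256": "e2e8e656ce43aaec792a6f0fc01ae87416259556fd2c3e49830454ca163a8a79",
    "host": "wsw40.surf-town.net",
    "ip": "212.97.133.140",
    "path": r"c:\programdata\sysapp\sysdir.exe",   # compared case-insensitively
}

# First six bytes of the entry point shown in the report.
ENTRY_POINT_BYTES = bytes([0xFF, 0x25, 0x00, 0x20, 0x40, 0x00])


def decode_net_entry_stub(code, image_base=0x400000):
    """Decode an x86 'jmp dword ptr [imm32]' stub (opcode FF 25 + 32-bit
    absolute address), the native entry point the linker emits for a
    32-bit .NET executable. Returns (slot VA, slot RVA), or None if the
    bytes are not that stub. image_base=0x400000 is an assumption: it is
    the usual default for Win32 EXEs, but the report does not state it."""
    if len(code) < 6 or code[0] != 0xFF or code[1] != 0x25:
        return None
    slot_va = struct.unpack_from("<I", code, 2)[0]
    return slot_va, slot_va - image_base


def file_hashes(data):
    """Compute the three digests the report lists, for comparison with IOCS."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_iocs(record):
    """Return the names of report indicators present in one record.
    Hash and path comparisons are case-insensitive; a trailing dot on
    the DNS query name (FQDN form) is ignored."""
    hits = []
    for key in ("md5", "sha1", "sha256"):
        if record.get(key, "").lower() == IOCS[key]:
            hits.append(key)
    if record.get("path", "").lower() == IOCS["path"]:
        hits.append("path")
    if record.get("dns_query", "").lower().rstrip(".") == IOCS["host"]:
        hits.append("host")
    if record.get("dst_ip") == IOCS["ip"]:
        hits.append("ip")
    return hits


# Constructed sample records (not real telemetry): one file-inventory hit,
# one DNS/connection hit, one clean host.
SAMPLE_RECORDS = [
    {"endpoint": "ws01", "path": r"C:\ProgramData\sysapp\sysdir.exe",
     "sha256": IOCS["sha256"]},
    {"endpoint": "ws02", "dns_query": "wsw40.surf-town.net.",
     "dst_ip": "212.97.133.140"},
    {"endpoint": "ws03", "path": r"C:\Windows\System32\svchost.exe",
     "dst_ip": "10.0.0.5"},
]


def triage(records):
    """Map each endpoint with at least one indicator hit to its hit list."""
    result = {}
    for rec in records:
        hits = match_iocs(rec)
        if hits:
            result[rec["endpoint"]] = hits
    return result


if __name__ == "__main__":
    print("entry stub ->", decode_net_entry_stub(ENTRY_POINT_BYTES))
    print("hits ->", triage(SAMPLE_RECORDS))
```

A hash match is the only indicator here that identifies this exact build; the path, hostname and IP are weaker, since the same dropper family can be re-packed (different hashes) yet reuse the same install location and contact host, and the IP can be reassigned. Treat the hostname and IP as evidence to pivot on, not as proof of this specific sample.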

Powered by Reason Core Security