» SYSELTER-PC.exe
Overview
Analysis
File Details
Behaviors (1)

SYSELTER-PC.exe

Trustonic Limited

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Intel Service’.

File name:

SYSELTER-PC.exe

Publisher:

Trustonic Limited (signed and verified)

Version:

MESTRE.32

MD5:

7f39032028d98265859aac27d44f31a3

SHA-1:

0c09c01cb955157f3c0076a23597caf06eb9a1fd

SHA-256:

8a6939f42747f38583d5bca07b2b2f0784d268f2357ebd30b3e217e036906ca8

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 7:20:47 AM UTC (today)

File size:

94.9 MB (99,514,880 bytes)

Product version:

MESTRE.32

Original file name:

SYSELTER-PC.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\syselter-pc.exe

Digital Signature

Signed by:

Trustonic Limited

Authority:

Trustonic Limited

Valid from:

2/27/2013 1:36:51 PM

Valid to:

2/21/2038 1:36:51 PM

Subject:

CN=TLS Root CA, O=Trustonic Limited, C=UK

Issuer:

CN=TLS Root CA, O=Trustonic Limited, C=UK

Serial number:

12345600

File PE Metadata

Compilation timestamp:

10/20/2016 9:15:48 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1572864:S5dPds4G58qj1u9EOCQA4k5hhhhFtVWeUBP+dcS0TAx+zL8qSt:aWL5DzFxXhhhhFtVWZ7S0Tw

Entry address:

0x5EE8F5E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

94.9 MB (99,512,320 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Intel Service

Command:

C:\users\{user}\appdata\local\temp\{random}.tmp\syselter-pc.exe

Scan SYSELTER-PC.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.