SysInfo.exe

SysInfo

www.SamLab.ws

The application SysInfo.exe by www.SamLab.ws has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher: www.SamLab.ws  (signed and verified)
Product: SysInfo
Version: 1.0.40.3
MD5: 1d99e5449a3db6702947f91f0963120c
SHA-1: 82a4ed86fd9f49bcf4b6d991946223c9422f125c
SHA-256: afabf5f62e755869843c0d6b9de3a061b5dcce1abd7c5d169610d9292a03d8be
Scanner detections: 19 / 68
Status: Potentially unwanted
Analysis date: 4/25/2024 8:11:28 AM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Downloader.JRBV | 735
AhnLab V3 Security | Trojan/Win32.Buzus | 2014.03.11
AVG | SHeur4 | 2016.0.3213
Baidu Antivirus | Worm.Win32.AutoRun | 4.0.3.15131
Bitdefender | Trojan.Downloader.JRBV | 1.0.20.155
Emsisoft Anti-Malware | Trojan.Downloader.JRBV | 8.15.01.31.06
F-Secure | Trojan.Downloader.JRBV | 11.2015-31-01_7
G Data | Trojan.Downloader.JRBV | 15.1.24
IKARUS anti.virus | Gen.Application.Heur | t3scan.1.6.1.0
K7 AntiVirus | Riskware | 13.176.11351
McAfee | Artemis!3AE7EC4C2725 | 5600.6869
MicroWorld eScan | Trojan.Downloader.JRBV | 16.0.0.93
NANO AntiVirus | Trojan.Win32.Xrat.cvuzwx | 0.28.0.59048
nProtect | Trojan.Downloader.JRBV | 14.09.12.01
Reason Heuristics | PUP.wwwSamLabws | 15.1.31.6
Sophos | PUA 'NirSoft' (of type Hacktool) | 59
Trend Micro House Call | TROJ_GEN.R047H0ABC14 | 7.2.31
Vba32 AntiVirus | suspected of Malware-Cryptor.Win32.General | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 30022

File size: 5.1 MB (5,363,688 bytes)
Product version: 1.0.40.3
Copyright: www.SamLab.ws
Trademarks: www.SamLab.ws
Original file name: SysInfo.exe
File type: Executable application (Win32 EXE)
Installer: NSIS (Nullsoft Scriptable Install System)

Digital Signature
Signed by:

Authority: www.SamLab.ws
Valid from: 3/8/2013 7:04:50 AM
Valid to: 1/1/2040 7:59:59 AM
Subject: CN=www.SamLab.ws
Issuer: CN=www.SamLab.ws
Serial number: 0F1AFC86B8806ABD46FF618899B7F7D9

File PE Metadata
Compilation timestamp: 3/31/2013 5:38:49 AM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 98304:Cl4cve3rE+8Mx8Gnlf0358bb7G3QRDPdfUmlMl/tmvQ8juXLLoJyRKIAvoMhbI:c+Fnt03+rG3S57ellmvvwL0Xvp5I
Entry address: 0x373C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 08, 8A, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, D8, 88, 44, 00, E8, AD, 27, 00, 00, 53, 68, 60, 01, 00, 00, A3, E0, 87, 44, 00, 8D, 44, 24, 38, 50, 53, 68, 9B, 8A, 40, 00, FF, 15, 58, 81, 40, 00, 68, 90, 8A, 40, 00, 68, E0, 47, 44, 00, E8, EC, 24, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, 00, 10, 47, 00, 57, E8, DA, 24, 00, 00...
 

Packer / compiler: Nullsoft install system v2.x
Code size: 24.5 KB (25,088 bytes)
