SysInfo.exe

SysInfo

www.SamLab.ws

The application SysInfo.exe by www.SamLab.ws has been detected as a potentially unwanted program by 24 anti-malware scanners.
Publisher:
www.SamLab.ws  (signed and verified)

Product:
SysInfo

Version:
2.0.7.0

MD5:
527cdca96a7e1b91d434167207e27fdc

SHA-1:
a4f088ce8ef77d5f7bf1d51856b82de1da572f10

SHA-256:
3beb1136ce5afedb080795b52a0b746c07035a8c1b0cd49540b80d0ea346f8cf

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
4/20/2024 12:36:40 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Downloader.JRBV | 366 |
| AhnLab V3 Security | Trojan/Win32.Buzus | 2014.03.11 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.30.172 |
| AVG | SHeur4 | 2017.0.2844 |
| Baidu Antivirus | Worm.Win32.AutoRun | 4.0.3.1623 |
| Bitdefender | Trojan.Downloader.JRBV | 1.0.20.170 |
| Dr.Web | Trojan.DownLoader12.60784 | 9.0.1.034 |
| Emsisoft Anti-Malware | Trojan.Downloader.JRBV | 8.16.02.03.09 |
| ESET NOD32 | Detection.Undefined | 10.7.0.302.0 |
| F-Secure | Gen:Heur.Kelios.1 | 11.2016-03-02_4 |
| G Data | Trojan.Downloader.JRBV | 16.2.24 |
| IKARUS anti.virus | Gen.Application.Heur | t3scan.1.6.1.0 |
| K7 AntiVirus | Riskware | 13.176.11351 |
| McAfee | Artemis!3AE7EC4C2725 | 5600.6500 |
| MicroWorld eScan | Trojan.Downloader.JRBV | 17.0.0.102 |
| NANO AntiVirus | Trojan.Win32.Xrat.cvuzwx | 0.28.0.59048 |
| nProtect | Trojan.Downloader.JRBV | 14.09.12.01 |
| Reason Heuristics | PUP.wwwSamLabws (M) | 16.2.3.21 |
| Rising Antivirus | PE:Malware.RDM.30!5.24[F1] | 23.00.65.16201 |
| Sophos | PUA 'NirSoft' (of type Hacktool) | 5.14 |
| Trend Micro House Call | TROJ_GEN.R047H0ABC14 | 7.2.34 |
| Vba32 AntiVirus | suspected of Malware-Cryptor.Win32.General | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 30022 |
| ViRobot | Trojan.Win32.A.Agent.5658584[h] | 2014.3.20.0 |

File size:
5.6 MB (5,854,968 bytes)

Product version:
2.0.7.0

Copyright:
www.SamLab.ws

Trademarks:
www.SamLab.ws

Original file name:
SysInfo.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\drp_2015_final\tools\modules\bugreport\sysinfo.exe

Digital Signature
Signed by:

Authority:
www.SamLab.ws

Valid from:
3/8/2013 12:04:50 AM

Valid to:
1/1/2040 12:59:59 AM

Subject:
CN=www.SamLab.ws

Issuer:
CN=www.SamLab.ws

Serial number:
0F1AFC86B8806ABD46FF618899B7F7D9

File PE Metadata
Compilation timestamp:
12/27/2015 7:27:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:BsBJOzs1ZWCiDkTThihJ5NWdjWtzEG786uIddsFd/i6cG0MW/Zzv6r/nOEU7JGTl:+D+1nDkTEJXsc786ZdyVW/Ze7OEU7bx+

Entry address:
0xC3770

Entry point:
60, BE, 00, F0, 4B, 00, 8D, BE, 00, 20, F4, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
20 KB (20,480 bytes)
