SysInfo.exe

SysInfo

www.SamLab.ws

The application SysInfo.exe by www.SamLab.ws has been detected as a potentially unwanted program by 24 anti-malware scanners. It is also typically executed from the user's temporary directory.

Publisher: www.SamLab.ws  (signed and verified)
Product: SysInfo
Version: 1.0.54.0
MD5: 091bbd696d8e9c04b828d34c8ed8d5c2
SHA-1: b612bbad954a8eba8dff307bc1377b59031c0bd1
SHA-256: 3ae739ca0a79021c08ecc1c2053d55a3a178d361012d780b02ea8c7222de6c08
Scanner detections: 24 / 68
Status: Potentially unwanted
Analysis date: 4/26/2024 10:39:47 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Downloader.JRBV | 362 |
| AhnLab V3 Security | Trojan/Win32.Buzus | 2014.03.11 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.30.172 |
| AVG | SHeur4 | 2017.0.2840 |
| Baidu Antivirus | Worm.Win32.AutoRun | 4.0.3.1628 |
| Bitdefender | Trojan.Downloader.JRBV | 1.0.20.195 |
| Dr.Web | Trojan.DownLoader12.60784 | 9.0.1.039 |
| Emsisoft Anti-Malware | Trojan.Downloader.JRBV | 8.16.02.08.12 |
| ESET NOD32 | Detection.Undefined | 10.7.0.302.0 |
| F-Secure | Gen:Heur.Kelios.1 | 11.2016-08-02_2 |
| G Data | Trojan.Downloader.JRBV | 16.2.24 |
| IKARUS anti.virus | Gen.Application.Heur | t3scan.1.6.1.0 |
| K7 AntiVirus | Riskware | 13.176.11351 |
| McAfee | Artemis!3AE7EC4C2725 | 5600.6496 |
| MicroWorld eScan | Trojan.Downloader.JRBV | 17.0.0.117 |
| NANO AntiVirus | Trojan.Win32.Xrat.cvuzwx | 0.28.0.59048 |
| nProtect | Trojan.Downloader.JRBV | 14.09.12.01 |
| Reason Heuristics | PUP.wwwSamLabws.Installer (M) | 16.2.8.0 |
| Rising Antivirus | PE:Malware.RDM.30!5.24[F1] | 23.00.65.16206 |
| Sophos | PUA 'NirSoft' (of type Hacktool) | 5.14 |
| Trend Micro House Call | TROJ_GEN.R047H0ABC14 | 7.2.39 |
| Vba32 AntiVirus | suspected of Malware-Cryptor.Win32.General | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 30022 |
| ViRobot | Trojan.Win32.A.Agent.5658584[h] | 2014.3.20.0 |

File size: 5.3 MB (5,533,448 bytes)
Product version: 1.0.54.0
Copyright: www.SamLab.ws
Trademarks: www.SamLab.ws
Original file name: SysInfo.exe
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\sysinfo.exe

Digital Signature
Signed by:

Authority: www.SamLab.ws
Valid from: 3/8/2013 2:04:50 AM
Valid to: 1/1/2040 2:59:59 AM
Subject: CN=www.SamLab.ws
Issuer: CN=www.SamLab.ws
Serial number: 0F1AFC86B8806ABD46FF618899B7F7D9

File PE Metadata
Compilation timestamp: 12/6/2009 1:50:46 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 98304:t98U0PAEyTQXeQgKDVeOzaPAdTiJ1KJdURCaF4fbkiKAwo9CXOsnbELKvs/hN:tOUIAEkQkK3Xd0ULU8s4fbBDxeQhN
Entry address: 0x413C0

Entry point:
60, BE, 00, D0, 43, 00, 8D, BE, 00, 40, FC, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...

Packer / compiler: UPX v0.89.6 - v1.02 / v1.05 -v1.24
Code size: 20 KB (20,480 bytes)
