SysInfo.exe

SysInfo

www.SamLab.ws

The application SysInfo.exe by www.SamLab.ws has been detected as a potentially unwanted program by 24 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory.

Publisher: www.SamLab.ws (signed and verified)

Product: SysInfo

Version: 1.0.42.44

MD5: 6af31a2ea5a2a1c38e915cec34b9bd45

SHA-1: db2fa7be9f7bd65c76c31aac3a92b2b1f9415192

SHA-256: 08ac1e7ad7d53c3689921628228699caa0b3b17d15607f3a1e0a5b852856eef6

Scanner detections: 24 / 68

Status: Potentially unwanted

Analysis date: 5/4/2024 10:27:40 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Downloader.JRBV | 364 |
| AhnLab V3 Security | Trojan/Win32.Buzus | 2014.03.11 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.30.172 |
| AVG | SHeur4 | 2017.0.2842 |
| Baidu Antivirus | Worm.Win32.AutoRun | 4.0.3.1626 |
| Bitdefender | Trojan.Downloader.JRBV | 1.0.20.185 |
| Dr.Web | Trojan.DownLoader12.60784 | 9.0.1.037 |
| Emsisoft Anti-Malware | Trojan.Downloader.JRBV | 8.16.02.06.10 |
| ESET NOD32 | Detection.Undefined | 10.7.0.302.0 |
| F-Secure | Gen:Heur.Kelios.1 | 11.2016-06-02_7 |
| G Data | Trojan.Downloader.JRBV | 16.2.24 |
| IKARUS anti.virus | Gen.Application.Heur | t3scan.1.6.1.0 |
| K7 AntiVirus | Riskware | 13.176.11351 |
| McAfee | Artemis!3AE7EC4C2725 | 5600.6498 |
| MicroWorld eScan | Trojan.Downloader.JRBV | 17.0.0.111 |
| NANO AntiVirus | Trojan.Win32.Xrat.cvuzwx | 0.28.0.59048 |
| nProtect | Trojan.Downloader.JRBV | 14.09.12.01 |
| Reason Heuristics | PUP.wwwSamLabws.Installer (M) | 16.2.6.10 |
| Rising Antivirus | PE:Malware.RDM.30!5.24[F1] | 23.00.65.16204 |
| Sophos | PUA 'NirSoft' (of type Hacktool) | 5.14 |
| Trend Micro House Call | TROJ_GEN.R047H0ABC14 | 7.2.37 |
| Vba32 AntiVirus | suspected of Malware-Cryptor.Win32.General | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 30022 |
| ViRobot | Trojan.Win32.A.Agent.5658584[h] | 2014.3.20.0 |

File size: 4.3 MB (4,470,128 bytes)

Product version: 1.0.42.44

Copyright: www.SamLab.ws

Trademarks: www.SamLab.ws

Original file name: SysInfo.exe

File type: Executable application (Win32 EXE)

Installer: NSIS (Nullsoft Scriptable Install System)

Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\tools\modules\bugreport\sysinfo.exe

Digital Signature

Signed by:

Authority: www.SamLab.ws

Valid from: 3/8/2013 4:04:50 AM

Valid to: 1/1/2040 4:59:59 AM

Subject: CN=www.SamLab.ws

Issuer: CN=www.SamLab.ws

Serial number: 0F1AFC86B8806ABD46FF618899B7F7D9

File PE Metadata

Compilation timestamp: 3/31/2013 2:38:49 AM

OS version: 5.1

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 10.0

CTPH (ssdeep): 98304:Rlb8jIf55owk5Xb89Uag9EhF/RnmqVRokdTYOJAxmpU:RxDI5XkUl9sRH/oaHJAxB

Entry address: 0x373C

Entry point: 81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 08, 8A, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, D8, 88, 44, 00, E8, AD, 27, 00, 00, 53, 68, 60, 01, 00, 00, A3, E0, 87, 44, 00, 8D, 44, 24, 38, 50, 53, 68, 9B, 8A, 40, 00, FF, 15, 58, 81, 40, 00, 68, 90, 8A, 40, 00, 68, E0, 47, 44, 00, E8, EC, 24, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, 00, 10, 47, 00, 57, E8, DA, 24, 00, 00...
 

Packer / compiler: Nullsoft install system v2.x

Code size: 24.5 KB (25,088 bytes)
