SYSLENOVO.exe

Trustonic Limited

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Intel Service’.

Publisher:
Trustonic Limited (signed and verified)

Version:
MESTRE.32

MD5:
2566e65421395b5d32106ed042324fae

SHA-1:
68e451bfd79e5f00086ee4657f6cf9ec590d55ff

SHA-256:
1b362475de260e0b1d355c0a78cd81b0655a54444876b2c73d1db0a6c82ae3be

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 9:39:43 AM UTC

File size:
95.3 MB (99,946,496 bytes)

Product version:
MESTRE.32

Original file name:
SYSLENOVO.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\syslenovo.exe

Digital Signature
Authority:
Trustonic Limited

Valid from:
2/27/2013 1:36:51 PM

Valid to:
2/21/2038 1:36:51 PM

Subject:
CN=TLS Root CA, O=Trustonic Limited, C=UK

Issuer:
CN=TLS Root CA, O=Trustonic Limited, C=UK

Serial number:
12345600

File PE Metadata
Compilation timestamp:
11/29/2016 6:42:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1572864:3wspykYRmQIr5q8h1t/zZET2d6AbKyQWV889P5QmwScokI60kgaSUKEFh1pN++z8:3wsztZFs27l8QTkx58

Entry address:
0x5F5250E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
95.3 MB (99,943,936 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Intel Service

Command:
C:\users\{user}\appdata\local\temp\{random}.tmp\syslenovo.exe


Scan SYSLENOVO.exe - Powered by Reason Core Security