syslg.exe

Loader SMS

Arul Venthan

The file's version resource claims it was developed by 'Microsoft Corporation', but it is not a Microsoft file: the version information is spoofed so that the executable looks like a legitimate Windows system file. The Authenticode signature on the binary comes from a COMODO-issued certificate for 'Arul Venthan', not from Microsoft, and the original file name recorded in the version resource is isms2.exe rather than syslg.exe. The executable syslg.exe has been flagged as malware by 12 of the 68 anti-virus scanners it was submitted to, most of them classifying it as a Dorifel trojan dropper.
Publisher:
Microsoft Corporation  (signed by Arul Venthan)

Product:
Microsoft® Windows® Operating System

Description:
Loader SMS

Version:
5.01.0002

MD5:
e2942355afca1d404df2f371f7cad569

SHA-1:
156559cecfe35153d58cca0bfe74525ce391ebe9

SHA-256:
ab8430006bc94e773acba615a5af4fff6d2b05822ea818a3a4c01b021dc449af

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
4/18/2024 10:10:51 PM UTC

Scan engine               Detection                           Engine version
Avira AntiVirus           TR/Drop.Dorifel.vxi.1               7.11.73.248
AVG                       Dropper.Generic7                    2014.0.3616
Comodo Security           UnclassifiedMalware                 16030
Emsisoft Anti-Malware     Trojan.Dropper.Win32.Dorifel.AMN    8.13.12.24.11
IKARUS anti.virus         Trojan.Win32.Swisyn                 t3scan.2.0.0.0
Kaspersky                 Trojan-Dropper.Win32.Dorifel        14.0.0.4573
McAfee                    Artemis!E2942355AFCA                5600.7272
Panda Antivirus           Suspicious file                     13.12.24.11
Quick Heal                TrojanDropper.Dorifel.vxi           12.13.12.00
Trend Micro House Call    TROJ_GEN.F47V1226                   7.2.358
Vba32 AntiVirus           Trojan.VB                           3.12.20.2
VIPRE Antivirus           Trojan.Win32.Generic.pak!cobra      17106

File size:
78.1 KB (79,976 bytes)

Product version:
5.01.0002

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
isms2.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\syslg.exe

Digital Signature
Signed by:
Arul Venthan
Authority:
COMODO CA Limited

Valid from:
8/13/2012 1:00:00 AM

Valid to:
8/14/2013 12:59:59 AM

Subject:
CN=Arul Venthan, O=Arul Venthan, STREET=TAMPINES STREET 22, L=Singapore, S=Singapore, PostalCode=520283, C=SG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3EE8679218889B8F5172366E537A859B
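The signature and version-resource fields above contradict each other, and that contradiction is the core of the verdict. The following Python is an added example (not Reason Core Security's own tooling) that encodes the checks a responder would apply to these fields: whether the version resource's publisher agrees with the Authenticode signer, whether a file claiming a System32 path carries a Microsoft signature, whether OriginalFilename matches the on-disk name, and whether the compile time and analysis date fit the certificate's validity window. All values in REPORT are copied from this page; the expected Microsoft signer organisation and the wording of the rules are assumptions made for the example.

```python
"""Consistency triage over the fields in this file report (added example)."""
from datetime import datetime
from typing import Dict, List

# Assumption: a genuine Microsoft-signed binary carries O=Microsoft Corporation
# in its signer subject. A production check would also pin the issuer chain.
EXPECTED_MS_ORG = "Microsoft Corporation"

REPORT = {
    # Values as listed on this page.
    "file_name": "syslg.exe",
    "original_file_name": "isms2.exe",
    "company_name": "Microsoft Corporation",
    "common_path": r"C:\Windows\System32\syslg.exe",
    "signer_subject": ("CN=Arul Venthan, O=Arul Venthan, STREET=TAMPINES STREET 22, "
                       "L=Singapore, S=Singapore, PostalCode=520283, C=SG"),
    "signer_issuer": ("CN=COMODO Code Signing CA 2, O=COMODO CA Limited, "
                      "L=Salford, S=Greater Manchester, C=GB"),
    "cert_valid_from": datetime(2012, 8, 13, 1, 0, 0),
    "cert_valid_to": datetime(2013, 8, 14, 0, 59, 59),
    "compile_timestamp": datetime(2012, 10, 6, 23, 39, 15),
    "analysis_date": datetime(2024, 4, 18, 22, 10, 51),
}


def parse_dn(dn: str) -> Dict[str, str]:
    """Split an X.500 distinguished name ('CN=..., O=..., C=..') into a dict
    keyed by upper-cased attribute type. A backslash escapes the next
    character, so 'CN=Foo\\, Inc' keeps its comma."""
    parts: List[str] = []
    current = ""
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current += dn[i + 1]
            i += 2
            continue
        if ch == ",":
            parts.append(current)
            current = ""
        else:
            current += ch
        i += 1
    parts.append(current)
    attrs: Dict[str, str] = {}
    for part in parts:
        if "=" in part:
            key, value = part.split("=", 1)
            attrs[key.strip().upper()] = value.strip()
    return attrs


def triage(report: dict) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings: List[str] = []
    subject = parse_dn(report["signer_subject"])
    signer_org = subject.get("O", "")
    signer_cn = subject.get("CN", "")
    claims_microsoft = EXPECTED_MS_ORG.lower() in report["company_name"].lower()
    signed_by_microsoft = signer_org.lower() == EXPECTED_MS_ORG.lower()

    if claims_microsoft and not signed_by_microsoft:
        findings.append(
            f"publisher mismatch: version resource says '{report['company_name']}' "
            f"but the Authenticode signer is O='{signer_org}' (CN='{signer_cn}')")
    if (report["common_path"].lower().startswith("c:\\windows\\system32\\")
            and not signed_by_microsoft):
        findings.append("System32 location without a Microsoft signature")
    if report["original_file_name"].lower() != report["file_name"].lower():
        findings.append(
            f"name mismatch: OriginalFilename is '{report['original_file_name']}' "
            f"but the file runs as '{report['file_name']}'")
    if not (report["cert_valid_from"] <= report["compile_timestamp"] <= report["cert_valid_to"]):
        findings.append("compile timestamp lies outside the certificate validity window")
    if report["analysis_date"] > report["cert_valid_to"]:
        findings.append(
            f"signing certificate expired on {report['cert_valid_to']:%Y-%m-%d}; the "
            "signature still chains only if it carries a trusted timestamp "
            "countersignature, which this report does not record")
    return findings


if __name__ == "__main__":
    for line in triage(REPORT):
        print("-", line)
```

On this report the compile timestamp falls inside the certificate's validity window, so that rule stays quiet; the publisher mismatch, the unsigned-by-Microsoft System32 path, the isms2.exe/syslg.exe name mismatch and the long-expired certificate are what fire.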

File PE Metadata
Compilation timestamp:
10/6/2012 11:39:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:Tyx5v5HyymJhlEbFhCQOtROiBsLjK12ES6Hs/w1HP/K66xhfs:mf5SyTFhCQOtROiBsLm1rs/w1HX76hfs

Entry address:
0x1990

Entry point:
68, 28, 23, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 38, 00, 00, 00, 1B, 26, D0, E2, 2C, 3B, AB, 4A, BC, 8C, F6, DC, E4, 54, 3B, 50, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 49, 00, 06, 50, 83, 01, 69, 73, 6D, 73, 00, 40, 38, 00, 49, 53, 4D, 53, 20, 6C, 6F, 61, 64, 65, 72, 00, D8, F0, 38, 00, 00, 00, 00, 00, FF, CC, 31, 00, 0F, 17, F0, B2, DE, B4, AE, 61, 48, AF, 39, DC, 8F, 75, 8D, 22, F7, 6D, 55, 82, 9D, 0F, 42, 55, 4E, 9F, 58, 57, B0, 3D, F6, AC, E2, 3A, 4F, AD...

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
60 KB (61,440 bytes)
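The "Entry point" bytes listed above are what the "Developed / compiled with" verdict rests on: a Visual Basic 5/6 executable begins with a fixed two-instruction stub, `push <address of the VB project header>` followed by `call ThunRTMain` (through a `jmp` thunk placed just before the entry point), and `68 28 23 40 00 E8 EE FF FF FF` is exactly that stub. The Python below is an added example (not code from this report) that parses the dump as printed on the page, decodes the stub and resolves both operands to virtual addresses, and lists the printable strings that follow it. The image base 0x400000 is an assumption (the VB6 default); the page gives only the entry RVA 0x1990.

```python
"""Decoding the VB5/6 entry stub from the bytes listed on this page (added example)."""
import re
import struct
from typing import Dict, List, Optional

ENTRY_RVA = 0x1990       # "Entry address" field on this page
IMAGE_BASE = 0x400000    # assumption: default VB6 image base, not stated in the report

# "Entry point" field, copied verbatim; the trailing "..." marks the page's truncation.
ENTRY_DUMP = (
    "68, 28, 23, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, "
    "48, 00, 00, 00, 38, 00, 00, 00, 1B, 26, D0, E2, 2C, 3B, AB, 4A, BC, 8C, F6, DC, "
    "E4, 54, 3B, 50, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 49, 00, 06, 50, 83, 01, "
    "69, 73, 6D, 73, 00, 40, 38, 00, 49, 53, 4D, 53, 20, 6C, 6F, 61, 64, 65, 72, 00, "
    "D8, F0, 38, 00, 00, 00, 00, 00, FF, CC, 31, 00, 0F, 17, F0, B2, DE, B4, AE, 61, "
    "48, AF, 39, DC, 8F, 75, 8D, 22, F7, 6D, 55, 82, 9D, 0F, 42, 55, 4E, 9F, 58, 57, "
    "B0, 3D, F6, AC, E2, 3A, 4F, AD..."
)


def parse_dump(text: str) -> bytes:
    """Turn the page's 'xx, xx, ...' listing into bytes, ignoring the trailing '...'."""
    tokens = [t.strip() for t in text.rstrip(".").split(",")]
    return bytes(int(t, 16) for t in tokens if t)


def decode_vb_entry_stub(code: bytes, entry_va: int) -> Optional[Dict[str, int]]:
    """Recognise 'push imm32; call rel32' at the entry point and resolve both
    operands to virtual addresses. Returns None if the stub is not present."""
    if len(code) < 10 or code[0] != 0x68 or code[5] != 0xE8:
        return None
    vb_header_va = struct.unpack_from("<I", code, 1)[0]    # push operand (VB header)
    rel32 = struct.unpack_from("<i", code, 6)[0]           # signed call displacement
    call_target_va = entry_va + 10 + rel32                  # relative to the next instruction
    return {
        "vb_header_va": vb_header_va,
        "call_target_va": call_target_va,
        "thunk_offset_from_entry": call_target_va - entry_va,
    }


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Printable ASCII runs of at least min_len characters."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


ENTRY_BYTES = parse_dump(ENTRY_DUMP)

if __name__ == "__main__":
    stub = decode_vb_entry_stub(ENTRY_BYTES, IMAGE_BASE + ENTRY_RVA)
    print("VB entry stub:", stub and {k: hex(v) for k, v in stub.items()})
    # Skip the 10-byte stub itself, whose opcode bytes happen to be printable.
    print("strings after the stub:", extract_strings(ENTRY_BYTES[10:]))
```

With the assumed image base the stub pushes 0x402328 and calls 0x401988, eight bytes before the entry point, which is where a VB6 linker places the `jmp dword ptr [ThunRTMain]` thunk. The strings "isms" and "ISMS loader" sitting right after the stub match the Loader SMS description and the isms2.exe original file name. On the real file the next step is to read the bytes at the call target and at the pushed address to confirm the `FF 25` jump into MSVBVM60 and the "VB5!" header signature; the dump on this page does not include either.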

Autostart registry entry (Policies\Explorer\Run)
Name:
status


Remove syslg.exe - Powered by Reason Core Security