» system.exe..
Overview
Analysis
File Details
Behaviors (1)

system.exe..

Chrome

The file system.exe.. has been detected as malware by 9 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘7236d31805e71c2938f4eaca41f179a6’.

File name:

system.exe..

Publisher:

Chrome

Product:

Chrome

Version:

50.6.7.8

MD5:

f552750d4f4982a815236da5fe477fec

SHA-1:

ae5d76909075f9639594822c0a3a8bacda964c97

SHA-256:

abf0a106d9f08e62c6b4448c92fbcf3b77558b191789dfd8be517961b248b5f2

Scanner detections:

9 / 68

Status:

Malware

Analysis date:

4/18/2024 5:51:02 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.367961

1018

avast!

Win32:Malware-gen

2014.9-140423

Bitdefender

Gen:Variant.Kazy.367961

1.0.20.565

Emsisoft Anti-Malware

Gen:Variant.Kazy.367961

8.14.04.23.10

ESET NOD32

MSIL/Injector.BSL (variant)

8.9711

F-Secure

Gen:Variant.Kazy.367961

11.2014-23-04_4

G Data

Gen:Variant.Kazy.367961

14.4.24

MicroWorld eScan

Gen:Variant.Kazy.367961

15.0.0.339

Qihoo 360 Security

Malware.QVM03.Gen

1.0.0.1015

File size:

218.5 KB (223,744 bytes)

Product version:

50.6.7.8

Chrome

Trademarks:

Chrome

Original file name:

Server.exe

Common path:

C:\ProgramData\system.exe..

File PE Metadata

Compilation timestamp:

4/18/2014 6:41:19 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:qhjdw5kQNBFdd3PkUuVIdF2HG5CkcIcWdqjV22EIjSOjcoP4BU+:IEJuVMcIcWdIV22tjSO54

Entry address:

0x37EEF

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.6849

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

216 KB (221,184 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

7236d31805e71c2938f4eaca41f179a6

Command:

"C:\ProgramData\system.exe"..

Remove system.exe.. - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.