SystemRestore.exe

System Restore

West Corporation

The executable SystemRestore.exe has been detected as malware by 16 anti-virus scanners.
Publisher:
West Corporation (signed and verified)

Product:
System Restore

Version:
1.00.0040

MD5:
e71025dac4e3f115a6594ea35e358169

SHA-1:
3fc29fa2cca09f156658e2c7e90237d6b1d7f6a6

SHA-256:
6ec781d47542a731e4c54a47a1385d9ee0a524ddd4084a2daa5461ad0231b59a

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
5/23/2024 4:39:18 PM UTC

Scan engine               | Detection                                | Engine version
Lavasoft Ad-Aware         | DeepScan:Generic.Malware.SDYBd.FAAB9EDE  | 429
Avira AntiVirus           | TR/Agent.145464                          | 8.3.1.6
avast!                    | Win32:Malware-gen                        | 2014.9-151203
Bitdefender               | DeepScan:Generic.Malware.SDYBd.FAAB9EDE  | 1.0.20.1685
Emsisoft Anti-Malware     | DeepScan:Generic.Malware.SDYBd.FAAB9EDE  | 8.15.12.03.11
ESET NOD32                | probably unknown NewHeur_PE              | 9.11716
F-Secure                  | DeepScan:Generic.Malware.SDYBd.FAAB9EDE  | 11.2015-03-12_5
G Data                    | DeepScan:Generic.Malware.SDYBd.FAAB9EDE  | 15.12.25
IKARUS anti.virus         | Win32.SuspectCrc                         | t3scan.1.9.2.0
K7 AntiVirus              | Trojan                                   | 13.204.16097
McAfee                    | Artemis!E71025DAC4E3                     | 5600.6563
MicroWorld eScan          | DeepScan:Generic.Malware.SDYBd.FAAB9EDE  | 16.0.0.1011
Qihoo 360 Security        | HEUR/QVM03.0.Malware.Gen                 | 1.0.0.1015
Trend Micro House Call    | TROJ_GEN.R047C0ODS15                     | 7.2.337
Trend Micro               | TROJ_GEN.R047C0ODS15                     | 10.465.03
VIPRE Antivirus           | Trojan.Win32.Generic                     | 40742

File size:
142.1 KB (145,464 bytes)

Product version:
1.00.0040

Copyright:
(c) 2008 West Corporation

Original file name:
SystemRestore.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\systemrestore.exe

Digital Signature
Authority:
Trustwave Holdings, Inc.

Valid from:
5/13/2011 8:20:27 AM

Valid to:
5/12/2012 9:48:22 AM

Subject:
O=West Corporation, C=US, S=Nebraska, CN=West Corporation

Issuer:
E=ca@trustwave.com, CN="Trustwave Code Signing CA, Level 2", O="Trustwave Holdings, Inc.", L=Chicago, S=Illinois, C=US

Serial number:
1752BCF9883B765A36EE3E6982F1D0B9

File PE Metadata
Compilation timestamp:
3/25/2011 2:09:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:kdyEO8bEGgBlvWGx5S587ilZhsdaUiI23t++:k68IGJ85q87ilZhsda823tj

Entry address:
0x27C8

Entry point:
68, 88, 29, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 50, 00, 00, 00, 40, 00, 00, 00, 2A, 72, AD, BC, 8B, A1, 43, 44, 95, 82, 07, 3F, 36, D8, 37, 4B, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 53, 79, 73, 74, 65, 6D, 52, 65, 73, 74, 6F, 72, 65, 00, 00, 00, 53, 79, 73, 74, 65, 6D, 20, 52, 65, 73, 74, 6F, 72, 65, 00, 00, 00, 00, 00, 00, 01, 00, 08, 00, 4C, 3D, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, 20, 3F, 40, 00, 9C, 00, 42, 00...

Entropy:
5.5986

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
124 KB (126,976 bytes)

Powered by Reason Core Security