systemtools.exe

The executable systemtools.exe has been detected as malware by 8 of 68 anti-virus scanners. Seven of those eight verdicts are the same Bitdefender-engine signature, Gen:Variant.Razy.109476, reported under the names of vendors that license that engine (Arcabit's Trojan.Razy.D1ABA4 is the same ID written in hexadecimal), and the eighth is a generic heuristic, so the count reflects one signature rather than eight independent detections. While running, it connects to the Internet address ns1.beststudio.ru on port 443, among the other destinations listed below.
MD5:
4346342170dc4feb5ae2efb1d2e84a4d

SHA-1:
feb0ed8f2ca0a32d27fb13c31001b7d83f3c5bfa

SHA-256:
7d195eb328c6aa25e2fbe3d63c8270e5c401041a35f5874d3dd4db8425b71f79
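Added example (not from the report or its vendor): a Python helper that streams a file once through MD5, SHA-1 and SHA-256 and compares the resulting digests with the three values above, case-insensitively, so a large binary is not read three times. The byte string used in the stand-alone run is constructed for illustration and is not the real file.

```python
import hashlib
import io

# Hashes of systemtools.exe as listed in the report (lower-case hex).
KNOWN_HASHES = {
    "md5": "4346342170dc4feb5ae2efb1d2e84a4d",
    "sha1": "feb0ed8f2ca0a32d27fb13c31001b7d83f3c5bfa",
    "sha256": "7d195eb328c6aa25e2fbe3d63c8270e5c401041a35f5874d3dd4db8425b71f79",
}


def multi_hash(stream, chunk_size: int = 1 << 20) -> dict:
    """Return {"md5": ..., "sha1": ..., "sha256": ...} for a binary stream.
    The stream is read once in chunks, so large executables need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def multi_hash_bytes(data: bytes, chunk_size: int = 1 << 20) -> dict:
    """Convenience wrapper for in-memory data (used by the stand-alone run)."""
    return multi_hash(io.BytesIO(data), chunk_size)


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    with open(path, "rb") as f:
        return multi_hash(f, chunk_size)


def match_indicators(digests: dict, known: dict = KNOWN_HASHES) -> list:
    """Names of the algorithms whose digest equals a known-bad value.
    Comparison is case-insensitive because reports and feeds differ in casing."""
    return [name for name, value in digests.items()
            if known.get(name, "").lower() == value.lower()]


if __name__ == "__main__":
    # Constructed sample input; it will not match the report's hashes.
    digests = multi_hash_bytes(b"constructed sample content, not systemtools.exe")
    for name, value in digests.items():
        print(f"{name}: {value}")
    print("matches:", match_indicators(digests) or "none")
```

To check a suspect file on disk, call hash_file(path) and pass the result to match_indicators; any non-empty list means at least one digest equals one on this page.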

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
4/26/2024 1:54:57 AM UTC

Scan engine              Detection                        Engine version
Lavasoft Ad-Aware        Gen:Variant.Razy.109476          43
Arcabit                  Trojan.Razy.D1ABA4               1.0.0.792
Bitdefender              Gen:Variant.Razy.109476          1.0.20.1785
Emsisoft Anti-Malware    Gen:Variant.Razy.109476          8.16.12.22.02
F-Secure                 Gen:Variant.Razy.109476          11.2016-22-12_5
G Data                   Gen:Variant.Razy.109476          16.12.25
MicroWorld eScan         Gen:Variant.Razy.109476          17.0.0.1071
Qihoo 360 Security       HEUR/QVM10.1.0000.Malware.Gen    1.0.0.1120

File size:
518 KB (530,432 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\system tools\systemtools.exe

File PE Metadata
Compilation timestamp:
12/22/2016 5:49:41 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x371B9

Entry point:
E8, 53, 06, 00, 00, E9, 8E, FE, FF, FF, FF, 25, 30, 12, 46, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 8B, 4D, F0, 33, CD, F2, E8, 16, F5, FF, FF, F2, E9, DA, FF, FF, FF, 8B, 4D, EC, 33, CD, F2, E8, 05, F5, FF, FF, F2, E9, C9, FF, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 78, A0, 47, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00...

Code size:
382 KB (391,168 bytes)
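Added example (not from the report): every field in this section is read from a fixed offset in the PE headers, and the Python below extracts them with struct and then decodes the first two instructions of the entry-point bytes quoted above. Because the real file is not on this page, the block builds a constructed stand-in image that carries the same header values (the compilation timestamp is assumed to be UTC); the entry bytes are the ones listed in the report.

```python
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x014C: "Win32", 0x8664: "Win64"}
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows CUI"}


def build_sample_pe() -> bytes:
    """Constructed stand-in for systemtools.exe: DOS stub, PE signature, COFF header
    and PE32 optional header carrying the report's values, with no sections or code.
    It is NOT the real file."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)            # e_lfanew: PE header at 0x80
    coff = struct.pack("<HHIIIHH",
                       0x014C,      # Machine: IMAGE_FILE_MACHINE_I386
                       0,           # NumberOfSections (none appended here)
                       1482428981,  # TimeDateStamp: 2016-12-22 17:49:41 UTC (assumed UTC)
                       0, 0,        # PointerToSymbolTable, NumberOfSymbols
                       0xE0,        # SizeOfOptionalHeader for PE32
                       0x0102)      # EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = bytearray(0xE0)
    struct.pack_into("<HBBIIIIII", opt, 0,
                     0x10B,         # Magic: PE32
                     14, 0,         # Major/MinorLinkerVersion 14.0
                     391168,        # SizeOfCode
                     0, 0,          # SizeOfInitializedData, SizeOfUninitializedData
                     0x371B9,       # AddressOfEntryPoint (RVA)
                     0, 0)          # BaseOfCode, BaseOfData
    struct.pack_into("<I", opt, 28, 0x400000)          # ImageBase
    struct.pack_into("<HH", opt, 40, 6, 0)             # Major/MinorOperatingSystemVersion 6.0
    struct.pack_into("<H", opt, 68, 2)                 # Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + bytes(0x80 - 64) + b"PE\0\0" + coff + bytes(opt)


def parse_pe_header(data: bytes) -> dict:
    """Read the fields the report shows from the DOS, COFF and PE32 optional headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _, stamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lmaj, lmin, size_of_code, _, _, entry, _, _ = struct.unpack_from("<HBBIIIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 optional headers are handled here")
    os_maj, os_min = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "bitness": MACHINE_NAMES.get(machine, hex(machine)),
        "compile_time": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
        "linker_version": f"{lmaj}.{lmin}",
        "size_of_code": size_of_code,
        "entry_point": entry,
        "os_version": f"{os_maj}.{os_min}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


# First 16 bytes of the entry point exactly as listed in the report.
ENTRY_BYTES = bytes.fromhex("E8 53 06 00 00 E9 8E FE FF FF FF 25 30 12 46 00")


def decode_entry_stub(entry_rva: int, code: bytes) -> list:
    """Decode the leading run of CALL rel32 (E8) / JMP rel32 (E9) instructions into
    (mnemonic, target RVA) pairs. rel32 is relative to the end of the 5-byte
    instruction. Decoding stops at the first other opcode, so the FF 25 (jmp [imm32])
    import thunk that follows is left untouched."""
    out, pos = [], 0
    while pos + 5 <= len(code) and code[pos] in (0xE8, 0xE9):
        rel = struct.unpack_from("<i", code, pos + 1)[0]
        out.append(("call" if code[pos] == 0xE8 else "jmp", entry_rva + pos + 5 + rel))
        pos += 5
    return out


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_pe()).items():
        print(f"{key}: {value:#x}" if isinstance(value, int) else f"{key}: {value}")
    for mnemonic, target in decode_entry_stub(0x371B9, ENTRY_BYTES):
        print(f"{mnemonic} {target:#x}")
```

On the report's bytes the decoder yields a call to RVA 0x37811 followed by a jmp to RVA 0x37051, the call-then-jump shape of the Visual C++ CRT startup stub (security-cookie initialisation, then a jump into the common CRT entry routine), which is consistent with the linker version 14.0 shown above.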

The executing file has been seen to make the following network communications in live environments. Several of these destinations (mc.yandex.ru and clck.yandex.ru, the fbcdn.net and facebook.com edges, and the CloudFront, Akamai and Mail.ru hosts) are shared analytics or CDN infrastructure that many benign programs also contact, so they are weak indicators on their own; the distinctive connections are those to Hetzner-hosted (your-server.de) addresses, two of them on the non-standard port 21000, and to mx1.admin64.ru and ns1.beststudio.ru.

TCP:
Connects to static.35.26.46.78.clients.your-server.de  (78.46.26.35:21000)

TCP (HTTP):
Connects to static.219.249.201.138.clients.your-server.de  (138.201.249.219:80)

TCP (HTTP SSL):
Connects to mc.yandex.ru  (87.250.251.119:443)

TCP (HTTP SSL):
Connects to clck.yandex.ru  (87.250.250.14:443)

TCP (HTTP SSL):
Connects to static.yandex.net  (178.154.131.217:443)

TCP (HTTP):
Connects to mx1.admin64.ru  (88.147.159.9:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-frt3.fbcdn.net  (31.13.92.14:443)

TCP (HTTP SSL):
Connects to top-fwz1.mail.ru  (217.69.136.175:443)

TCP (HTTP SSL):
Connects to static.213-239-227-65.clients.your-server.de  (213.239.227.65:443)

TCP (HTTP SSL):
Connects to server-54-192-119-83.sfo9.r.cloudfront.net  (54.192.119.83:443)

TCP (HTTP SSL):
Connects to rev35.rtbhouse.net  (37.140.238.35:443)

TCP (HTTP SSL):
Connects to grade.market.yandex.ru  (77.88.21.53:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-frt3.facebook.com  (31.13.92.36:443)

TCP (HTTP SSL):
Connects to ec2-54-247-88-150.eu-west-1.compute.amazonaws.com  (54.247.88.150:443)

TCP (HTTP SSL):
Connects to a23-74-193-7.deploy.static.akamaitechnologies.com  (23.74.193.7:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-ams3.fbcdn.net  (31.13.91.6:443)

TCP (HTTP SSL):
Connects to topf8.l.smailru.net  (217.69.133.145:443)

TCP:
Connects to static.211.95.46.78.clients.your-server.de  (78.46.95.211:21000)

TCP (HTTP SSL):
Connects to server-52-84-133-85.atl52.r.cloudfront.net  (52.84.133.85:443)

TCP (HTTP SSL):
Connects to ns1.beststudio.ru  (78.46.161.85:443)
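Added example (not part of the report): detection logic that turns the connection list above into indicators and runs them over firewall or proxy log lines, grading hits so that shared CDN/analytics hosts never alert on their own. The log format, the source host names and the log lines are constructed for this example, the indicator subset and its shared/distinctive classification are the editor's, and 203.0.113.10 is a documentation address.

```python
import re
from collections import namedtuple

# Indicators transcribed from the connection list above (a subset; the remaining
# entries have the same shape). The "shared" flag is an analyst judgement added
# here: public CDN/analytics endpoints that many benign programs also reach.
Indicator = namedtuple("Indicator", "host ip port shared")
INDICATORS = [
    Indicator("static.35.26.46.78.clients.your-server.de", "78.46.26.35", 21000, False),
    Indicator("static.219.249.201.138.clients.your-server.de", "138.201.249.219", 80, False),
    Indicator("static.211.95.46.78.clients.your-server.de", "78.46.95.211", 21000, False),
    Indicator("static.213-239-227-65.clients.your-server.de", "213.239.227.65", 443, False),
    Indicator("mx1.admin64.ru", "88.147.159.9", 80, False),
    Indicator("ns1.beststudio.ru", "78.46.161.85", 443, False),
    Indicator("mc.yandex.ru", "87.250.251.119", 443, True),
    Indicator("clck.yandex.ru", "87.250.250.14", 443, True),
    Indicator("xx-fbcdn-shv-01-frt3.fbcdn.net", "31.13.92.14", 443, True),
    Indicator("server-54-192-119-83.sfo9.r.cloudfront.net", "54.192.119.83", 443, True),
    Indicator("a23-74-193-7.deploy.static.akamaitechnologies.com", "23.74.193.7", 443, True),
]
BY_IP = {i.ip: i for i in INDICATORS}
BY_HOST = {i.host: i for i in INDICATORS}

# Assumed log format, constructed for this example; adapt the regex to your
# firewall or proxy export. "sni" is only present for TLS sessions.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
    r"(?: sni=(?P<sni>\S+))?"
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2024-04-26T02:01:07Z src=WS-17 dst=78.46.26.35 dport=21000
2024-04-26T02:01:09Z src=WS-17 dst=87.250.251.119 dport=443 sni=mc.yandex.ru
2024-04-26T02:01:12Z src=WS-17 dst=78.46.161.85 dport=443 sni=ns1.beststudio.ru
2024-04-26T02:03:44Z src=WS-22 dst=203.0.113.10 dport=443 sni=example.com
2024-04-26T02:05:00Z src=WS-17 dst=88.147.159.9 dport=80
2024-04-26T02:05:31Z src=WS-17 dst=78.46.26.35 dport=443
"""


def match_line(line: str):
    """Return (source host, severity, indicator) for a matching line, else None.
    A destination IP or a TLS SNI name from the report counts as a hit. Severity:
    'info' for shared infrastructure (correlate, never page), 'high' when a
    distinctive IP is seen on the port the report lists, 'medium' when the same
    IP is seen on another port."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hit = BY_IP.get(m["dst"]) or BY_HOST.get(m["sni"] or "")
    if hit is None:
        return None
    if hit.shared:
        severity = "info"
    elif int(m["dport"]) == hit.port:
        severity = "high"
    else:
        severity = "medium"
    return m["src"], severity, hit


def scan(log_text: str) -> dict:
    """Group hits per source host as (severity, host, ip, listed port) tuples."""
    report = {}
    for line in log_text.splitlines():
        result = match_line(line)
        if result:
            src, severity, hit = result
            report.setdefault(src, []).append((severity, hit.host, hit.ip, hit.port))
    return report


if __name__ == "__main__":
    for src, hits in scan(SAMPLE_LOG).items():
        for severity, host, ip, port in hits:
            print(f"{src}: {severity:6} {host} ({ip}:{port})")
```

Only the "high" hits are worth an alert: a workstation reaching a Hetzner address on port 21000 or ns1.beststudio.ru on 443 matches the sample's distinctive behaviour, whereas the mc.yandex.ru hit is logged at "info" because nearly any software bundling Yandex analytics produces the same line.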

Powered by Reason Core Security