winsysapp.exe

The executable winsysapp.exe has been detected as malware by 44 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WindowMessenger’.
Remove winsysapp.exe - Powered by Reason Core Security
MD5: 15fe5b689e43f751e1f12025a4ab66c8
SHA-1: 0d48af34250c8ba2edc8125171473468ed5e3424
SHA-256: 2c5d8fa4bc8f82dcddc4e1ced40de35f41f7e6ee02f5ed1ad40718687edcaee4
Scanner detections: 44 / 68
Status: File is infected by a Virus
Explanation: The file is infected by a polymorphic file infector virus.
Analysis date: 12/9/2016 10:56:59 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Worm.Autorun.VN | 969
AhnLab V3 Security | Win32/Virut.F | 2014.06.11
Avira AntiVirus | W32/Virut.Gen | 7.11.30.172
Antiy Labs AVL | Virus/Win32.Virut.ce | 1.0.0.1
avast! | Win32:Vitro | 140608-0
AVG | Win32/Tanatos.T | 2014.0.3955
Baidu Antivirus | Virus.Win32.Virut.$NBP | 4.0.3.14610
Bitdefender | Win32.Worm.Autorun.VN | 1.0.20.805
Bkav FE | W32.Vetor.PE | 1.3.0.4959
Clam AntiVirus | W32.Trojan.VB-13509 | 0.98/19073
CMC Antivirus | Packed.Win32.Obfuscated.10!O | 1.1.0.977
Commtouch SDK | W32/Risk.DYPU-6082 | 5.4.1.7
Comodo Security | TrojWare.Win32.Cosmu.abf | 18503
Dr.Web | Win32.HLLW.Autoruner1.62341 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Worm.Autorun.VN | 8.14.06.10.04
ESET NOD32 | Win32/Virut.NCS virus | 7.0.302.0
Fortinet FortiGate | W32/Virut.CE | 6/10/2014
F-Prot | W32/MalwareS.BFXL | 4.6.5.141
F-Secure | Win32.Worm.Autorun.VN | 11.2014-10-06_3
G Data | Win32.Worm.Autorun.VN | 14.6.24
IKARUS anti.virus | Worm.Win32.AutoRun | t3scan.1.6.1.0
Jiangmin | Win32/Virut.bt | KV140610
K7 AntiVirus | EmailWorm | 13.1712358
K7 Gateway Antivirus | EmailWorm | 13.1712358
Kaspersky | Virus.Win32.Virut | 15.0.0.463
Malwarebytes | Backdoor.Bot | v2014.06.10.04
McAfee | W32/Virut.n.gen | 5600.7103
McAfee Web Gateway | Heuristic.LooksLike.Win32.SuspiciousPE.J | 7.7103
Microsoft Security Essentials | Threat.Undefined | 1.175.1840.0
MicroWorld eScan | Win32.Worm.Autorun.VN | 15.0.0.483
NANO AntiVirus | Virus.Win32.Virut.hpeg | 0.28.0.60253
Norman | Virut.HL | 11.20140610
nProtect | Win32.Worm.Autorun.VN | 14.06.10.01
Qihoo 360 Security | Worm.Win32.FakeFolder.BY | 1.0.0.1015
Quick Heal | Worm.Autorun.WT | 6.14.14.00
Rising Antivirus | PE:Malware.FakeFolder@CV!1.6AA9 | 23.00.65.14608
Sophos | W32/Scribble-B | 4.98
The Hacker | W32/Virtob.Gen(F) | 6.8.0.5.466
Total Defense | Win32/Virut.17408 | 37.0.10991
Trend Micro House Call | PE_VIRUX.R | 7.2.161
Trend Micro | PE_VIRUX.R | 10.465.10
Vba32 AntiVirus | Virus.Virut.14 | 3.12.26.0
VIPRE Antivirus | Worm.Win32.AutoRun.hfp | 30164
ViRobot | Win32.Virut.AM | 2011.4.7.4223

File size: 536 KB (548,864 bytes)
File type: Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp: 4/11/2008 10:48:25 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 8.0
CTPH (ssdeep): 12288:cdOpNX1hxmuN9+K5l777777Vr+E3JzHm:sOpNRmuzbN7zH
Entry address: 0x768AD
Entry point: 83, 3C, 24, FE, 89, D2, 77, FE, 8D, 64, 24, CC, 60, 83, EC, DC, E8, F8, 00, 00, 00, 4B, 28, C1, 66, 4B, 75, FC, 4F, B0, E1, 90, FF, 73, 3C, 59, FE, C2, 42, 81, E9, FD, FF, FF, 7F, F6, D0, 90, 73, E3, 86, C0, B6, 51, 81, D9, E6, 13, 00, 00, 71, D7, 3C, 8C, 2C, 64, FF, B4, 19, E4, 13, 00, 80, 83, C4, 04, B8, BB, 0C, DC, 9A, 8B, CD, 66, 81, 44, 24, FC, B0, BA, BE, EE, 45, 97, 98, 75, B4, 4F, 97, 42, 4F, 68, 2F, 51, 2D, B6, E8, BB, 00, 00, 00, F9, 89, 74, 24, 44, 8D, 8B, 9B, EA, 4C, 90, 83, EF, 93, E8, 5B, 00...
Entropy: 6.1184
Code size: 20 KB (20,480 bytes)

Startup File (User Run)
Registry location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: WindowMessenger
Command: C:\recycler\{random}\winsysapp.exe

