smss.exe

The executable smss.exe has been detected as malware by 20 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘16846220’.
MD5:
3c896a4a49be00a417dc7477d9371ff7

SHA-1:
70c503e52e80a0627b12c1dd1203010e304c9d42

SHA-256:
421bab008fdd91362160b61dbcca3a440de9520355cb9da4a3ab66dcb27c46ef

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
4/28/2024 7:51:16 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Win32/Xema.worm.56320.C | 17.03.14 |
| Avira AntiVirus | Worm/VB.CZ.5 | 17.03.14 |
| avast! | Win32:Trojan-gen. {UPX!} | 2014.9-170314 |
| AVG | Worm/VB | 2018.0.2439 |
| Bitdefender | Generic.Malware.LM!VWk!g.98051424 | 1.0.20.365 |
| Clam AntiVirus | Worm.VB-245 | 0.98/18155 |
| Dr.Web | BackDoor.Generic.1481 | 9.0.1.073 |
| ESET NOD32 | Win32/NoonLight | 11.- |
| F-Prot | W32/VB-EMU:VB-Backdoor-HRS-based | v6.- |
| F-Secure | Worm.Win32.VB.cz | 11.2017-14-03_3 |
| IKARUS anti.virus | Worm.Win32.Detnat.e | 17.03.14 |
| Kaspersky | Worm.Win32.VB | 14.0.0.-1310 |
| McAfee | W32/MoonLight.worm | 5600.6095 |
| Microsoft Security Essentials | Worm:Win32/Lightmoon.gen@mm!A | 1.163.1557.0 |
| Norman | W32/Lightmoon.L | 11.20170314 |
| Panda Antivirus | W32/MoonLight.H.worm | 17.03.14.11 |
| Prevx | Heuristic: Suspicious File With Covert Attributes | 3.0.3 |
| Quick Heal | Worm.VB.cz | 3.17.- |
| Rising Antivirus | Worm.VB.jx | 23.00.65.17312 |
| Sophos | Mal/VB-F | 17.03.14 |

File size:
55 KB (56,320 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\46840\smss.exe

File PE Metadata
Compilation timestamp:
3/7/2006 12:27:34 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x265C0

Entry point:
60, BE, 00, C0, 41, 00, 8D, BE, 00, 50, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 

Entropy:
7.2886

Packer / compiler:
UPX 2.90LZMA

Code size:
44 KB (45,056 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
16846220

Command:
C:\Windows\System32\238408088316l.exe

