» actsys.exe
Overview
Analysis
File Details
Behaviors (1)

actsys.exe

NINJASOFT LLC

The application actsys.exe by NINJASOFT has been detected as adware by 14 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “ActSys”.

File name:

actsys.exe

Publisher:

NINJASOFT LLC (signed and verified)

MD5:

9393057e48b3039427b0f90a24e55f5d

SHA-1:

ba09ea4b20e178ed4c32433ca40d430c00d270e0

Scanner detections:

14 / 68

Status:

Adware

Analysis date:

4/13/2025 3:19:37 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Generic.1174424

683

Avira AntiVirus

Adware/BrAppWare.461984

7.11.218.184

avast!

Win32:Adware-gen [Adw]

2014.9-150324

AVG

Generic

2016.0.3188

Bitdefender

Application.Generic.1174424

1.0.20.415

Comodo Security

ApplicUnwnt

21475

ESET NOD32

Win32/Adware.BrAppWare (variant)

9.11351

F-Secure

Application.Generic.1174424

11.2015-24-03_3

G Data

Application.Generic.1174424

15.3.25

IKARUS anti.virus

PUA.BrAppWare

t3scan.1.8.6.0

K7 AntiVirus

Adware

13.202.15326

MicroWorld eScan

Application.Generic.1174424

16.0.0.249

Reason Heuristics

PUP.BR Software.NINJASOF (M)

16.4.27.12

Rising Antivirus

PE:AdWare.Win32.BrAppWare.b!1075356804

23.00.65.15322

File size:

433.1 KB (443,480 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\actsys\actsys.exe

Digital Signature

Signed by:

NINJASOFT LLC

Authority:

Starfield Technologies, Inc.

Valid from:

10/2/2014 10:43:00 AM

Valid to:

10/2/2015 4:10:00 AM

Subject:

CN=NINJASOFT LLC, O=NINJASOFT LLC, L=Lewes, S=Delaware, C=US

Issuer:

OID.2.5.4.5=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

27811F75D46CBB

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:j/q5VhcQ91XtDXn99MYsFlqdZ/YEgbszTV6Z5Ae:7iguXXn99H6AWb8VPe

Entry address:

0x5A810

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, E0, A5, 45, 00, E8, FB, B6, FA, FF, A1, A8, C1, 45, 00, 8B, 00, 8B, 10, FF, 52, 34, 8B, 0D, 5C, BF, 45, 00, A1, A8, C1, 45, 00, 8B, 00, 8B, 15, A4, 96, 45, 00, 8B, 18, FF, 53, 30, A1, A8, C1, 45, 00, 8B, 00, 8B, 10, FF, 52, 38, 5B, E8, 21, 97, FA, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

358.5 KB (367,104 bytes)

Service

Display name:

ActSys

Type:

Win32OwnProcess

Remove actsys.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.