scsisv.exe

Cobind

The executable scsisv.exe has been detected as malware by 3 anti-virus scanners. It is set to start automatically when a user logs in to Windows, via the current user Run registry key, under the display name ‘SCSI Service’.
Publisher:
Cobind  (signed and verified)

MD5:
fd932e32dd222adecc67acc65b8e3f56

SHA-1:
04722c0cc7a741925abe0caa36c26f3e7fe41213

SHA-256:
952e8f3ffa8a350a3466ab62fcddf13a2c6f0450c45955b9f4e55c6e511434cd

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/27/2024 7:46:24 PM UTC

Scan engine    Detection                          Engine version
Dr.Web         Detection.Undefined                9.0.1.05190
ESET NOD32     MSIL/Injector.PZX trojan           6.3
McAfee         Trojan.Trojan-FJJW!FD932E32DD22    18.0.204.0

File size:
1.1 MB (1,156,512 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\890c5323-e552-48bb-a3d2-0b6b98ec1111\scsi service\scsisv.exe

Digital Signature
Signed by:

Authority:
Cobind

Valid from:
8/5/2016 2:36:03 PM

Valid to:
8/3/2026 2:36:03 PM

Subject:
E=admin@cobind.com, CN=cobind.com, OU=Ques Unit, O=Cobind, L=New York City, S=New York, C=US

Issuer:
E=admin@cobind.com, CN=cobind.com, OU=Ques Unit, O=Cobind, L=New York City, S=New York, C=US

Serial number:
00ABF3127C9761E782

File PE Metadata
Compilation timestamp:
8/8/2016 12:49:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:HUB77L9dY9nAUI4tm4/pgnxkORedFs1+NK4vCmIgjZex:0B7d8AUIcL/pgnqOyo+NK8IOo

Entry address:
0x10C2BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.9185

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1 MB (1,093,632 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SCSI Service

Command:
C:\users\{user}\appdata\roaming\890c5323-e552-48bb-a3d2-0b6b98ec1111\scsi service\scsisv.exe

