smss.exe

Windows Oturum Yöneticisi

SELCUK GUNDOGDU

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The executable smss.exe, “Windows Oturum Yöneticisi” has been detected as malware by 1 anti-virus scanner.
Publisher:
Microsoft Corporation  (signed by SELCUK GUNDOGDU)

Product:
Microsoft® Windows® Operating System

Description:
Windows Oturum Yöneticisi

Version:
6.1.7600.16385

MD5:
e24249850f3ac23c7facb0b648c3fa51

SHA-1:
bd4a50ca1c15e113b010860ee9a6dcd19f2f6680

SHA-256:
1b87377f743f04ecca177de46f3576d5e5eb76e46f4c45c80e499449434e329c

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/27/2024 5:48:53 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.12.2.15

File size:
69.2 KB (70,880 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
smss.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\windows\smss.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/12/2015 5:00:00 PM

Valid to:
3/12/2016 3:59:59 PM

Subject:
CN=SELCUK GUNDOGDU, O=SELCUK GUNDOGDU, STREET=Esentepe mah dergiler sok no 25 deal plaza, L=ISTANBUL, S=SISLI, PostalCode=34394, C=TR

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C33187FE848A65E8484EA492CB2CBB18

File PE Metadata
Compilation timestamp:
9/21/2015 8:28:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:XhkQ4UmHVXDAUE0DhCdj9bKWzjNl8/buRMNsRlT:XhIUSzAUE+hCdj9bKWjNl8/bQRlT

Entry address:
0x112CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.9353

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
61 KB (62,464 bytes)

Remove smss.exe - Powered by Reason Core Security