smss.exe

Windows Oturum Yöneticisi

Onur Karagoz

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The executable smss.exe, “Windows Oturum Yöneticisi” (Turkish for “Windows Session Manager”), has been detected as malware by 19 anti-virus scanners.

Publisher:
Microsoft Corporation  (signed by Onur Karagoz)

Product:
Microsoft® Windows® Operating System

Description:
Windows Oturum Yöneticisi

Version:
1.0.0.0

MD5:
a6df87f5ec20e1cec147bf4e272f2bb5

SHA-1:
e5ba6b04b11fe8f6600870da2fde7a4bfdaa89fe

SHA-256:
8fffbb754859e740b08b963c45243f25ed19eceddb101b3aa68d359f8c65aac7

Scanner detections:
19 / 68

Status:
Malware

Analysis date:
12/25/2024 4:30:28 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.MSILPerseus.27370 | 215 |
| Avira AntiVirus | TR/Bamgadin.qvne | 8.3.3.4 |
| Arcabit | Trojan.MSILPerseus.D6AEA | 1.0.0.672 |
| AVG | Atros3 | 2017.0.2693 |
| Bitdefender | Gen:Variant.MSILPerseus.27370 | 1.0.20.925 |
| Emsisoft Anti-Malware | Gen:Variant.MSILPerseus.27370 | 8.16.07.03.03 |
| ESET NOD32 | MSIL/Bamgadin.BI (variant) | 10.13407 |
| Fortinet FortiGate | Malware_Generic.P0 | 7/3/2016 |
| F-Secure | Gen:Variant.MSILPerseus.27370 | 11.2016-03-07_1 |
| G Data | Gen:Variant.MSILPerseus.27370 | 16.7.25 |
| K7 AntiVirus | Trojan | 13.223.19449 |
| McAfee | Artemis!A6DF87F5EC20 | 5600.6349 |
| Microsoft Security Essentials | TrojanClicker:MSIL/Balamid | 1.1.12706.0 |
| MicroWorld eScan | Gen:Variant.MSILPerseus.27370 | 17.0.0.555 |
| Qihoo 360 Security | Win32/Trojan.338 | 1.0.0.1120 |
| Rising Antivirus | Trojan.Bamgadin!8.7E3 (Cloud) | 23.00.65.16701 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R00JC0EDP16 | 10.465.03 |
| VIPRE Antivirus | Trojan.Win32.Generic | 48992 |

File size:
87.2 KB (89,336 bytes)

Product version:
1.0.0.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
smss.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\windows\smss.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/13/2014 7:00:00 AM

Valid to:
11/14/2015 6:59:59 AM

Subject:
CN=Onur Karagoz, O=Onur Karagoz, STREET=UĞURMUMCU MAH. UĞURMUMCU CAD., STREET=184 ÇATIEVLER SİTESİ, STREET=BLOK:C D:210, L=Ankara, S=Yenimahalle, PostalCode=06370, C=TR

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CD82F99CAD17F58E443C98C1BD258CBA

File PE Metadata
Compilation timestamp:
4/13/2016 7:54:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:zx0B7bvRlz2pCru+ZacDBs+eiLykCdYRvMea+BeRE6PqeY:N0vvRlz223acDnyPeaAeCcvY

Entry address:
0x15BEE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 78, A4, 6A, D7, 56, B7, C7, E8, DB, 70, 20, 24, EE, CE, BD, C1, AF, 0F, 7C, F5, 2A, C6, 87, 47, 13, 46, 30, A8, 01, 95, 46, FD, D8, 98, 80, 69, AF, F7, 44, 8B, B1, 5B, FF, FF, BE, D7, 5C, 89, 22, 11, 90, 6B, 93, 71, 98, FD, 8E, 43, 79, A6, 21, 08, B4, 49, 62, 25, 1E, F6, 40, B3, 40, C0, 51, 5A, 5E, 26, AA, C7, B6, E9, 5D, 10, 2F, D6, 53, 14, 44, 02, 81, E6, A1, D8, C8, FB, D3, E7, E6, CD, E1, 21, D6, 07, 37, C3, 87, 0D, D5, F4, ED, 14...
 

Entropy:
5.9406

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
79 KB (80,896 bytes)
