SSScsiSV.EXE

SonicStage

SONY Corporation

The executable SSScsiSV.EXE, “SonicStage Scsi I/F Server”, has been detected as malware by 12 anti-virus scanners. It runs as a Windows service named “SonicStage SCSI Service”, in a separate process of its own.
Publisher:
SONY Corporation  (signed and verified)

Product:
SonicStage

Description:
SonicStage Scsi I/F Server

Version:
4.3.01.14020

MD5:
6b98da3cb5d9ec3f8ad1e1aae8c6766f

SHA-1:
5b18d94b54f47aa506f9f3e19160890259054632

SHA-256:
adced6fd9aa12ad0a05aac8f7e03882aa089fce34e017bbc77cc910460137c65

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
12/28/2024 1:00:44 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Mabezat [Wrm] | 160327-1
AVG | Win32/Mabezat | 2015.0.4355
Dr.Web | Win32.HLLW.Tazebama | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Worm.Mabezat.Gen | 11.5.0.6191
ESET NOD32 | Win32/Mabezat.A virus | 8.0.319.0
F-Prot | W32/Mabezat.A-2 | 4.6.5.141
F-Secure | Win32.Worm.Mabezat.Gen | 5.15.96
Kaspersky | Worm.Win32.Mabezat | 15.0.0.562
McAfee | Virus.W32/Mabezat.a | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.217.2433.0
Norman | Win32.Worm.Mabezat.Gen | 02.04.2016 17:35:19
Sophos | Virus 'W32/Mabezat-B' | 5.23

File size:
226.4 KB (231,847 bytes)

Product version:
4.3.01

Copyright:
Copyright 2005-2007 Sony Corporation

Original file name:
SSScsiSV.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\common files\sony shared\avlib\ssscsisv.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/7/2006 12:00:00 AM

Valid to:
11/7/2007 11:59:59 PM

Subject:
CN=SONY Corporation, OU="CONNECT Company, Sustaining Engineering sect.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SONY Corporation, L=Shinagawa-ku, S=Tokyo, C=JP

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
73BB5EBFA8AE9BD49F7F942637577157

File PE Metadata
Compilation timestamp:
2/2/2007 7:07:09 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
3072:E/WP40G6HsLlpiCw9OSr2ROWK1zE409Id+67P/ecfEITF1nP15RX+ae:lPk6M3K9/2ROlFcEN/ecfEITF1ndOae

Entry address:
0x6CF9

Entry point:
BB, 08, 50, 5A, 4C, 93, E9, 20, 01, 00, 00, 87, 2D, 90, 8C, 38, BC, 90, 8C, 48, 36, 11, 10, 10, 90, 10, 10, 4A, 10, 10, 10, 6F, 41, 46, 41, 40, 41, 49, 47, 46, 10, 10, 10, 84, 71, 8A, 75, 72, 71, 7D, 71, 3E, 74, 7C, 7C, 10, 10, 10, 10, 6C, 10, 10, 10, 56, 82, 75, 75, 5C, 79, 72, 82, 71, 82, 89, 10, 53, 82, 75, 71, 84, 75, 54, 79, 82, 75, 73, 84, 7F, 82, 89, 51, 10, 10, 10, 10, 57, 75, 84, 67, 79, 7E, 74, 7F, 87, 83, 54, 79, 82, 75, 73, 84, 7F, 82, 89, 51, 10, 10, 10, 10, 57, 75, 84, 5D, 7F, 74, 85, 7C, 75...
 

Code size:
40 KB (40,960 bytes)

Service
Display name:
SonicStage SCSI Service

Service name:
SSScsiSV

Type:
Win32OwnProcess

Depends on:
RPCSS

