» syk160.exe
Overview
Analysis
File Details
Downloads (1)
Network (18)

syk160.exe

SilentInstaller

The application syk160.exe has been detected as a potentially unwanted program by 33 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from deu04z3f41ov0.cloudfront.net. While running, it connects to the Internet address sgsg02.proinity.net on port 80 using the HTTP protocol.

File name:

syk160.exe

Product:

SilentInstaller

Version:

1.0.0.1

MD5:

7b1977dca8506d7aa3b23732aeca6a26

SHA-1:

f0cf92c5e55ff53c63523632d97f6b62688b4d50

SHA-256:

3c775195531506ea85ea9ac987fb74b2160d59e8bb22cb3288c0b98417fd53b3

Scanner detections:

33 / 68

Status:

Potentially unwanted

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

11/2/2024 1:35:50 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.2662559

501

Agnitum Outpost

PUA.Agent

7.1.1

Avira AntiVirus

TR/Dropper.MSIL.Gen

8.3.1.6

Arcabit

Trojan.Generic.D28A09F

1.0.0.525

avast!

Win32:Dropper-gen [Drp]

2014.9-150921

AVG

MSIL8

2016.0.2979

Baidu Antivirus

Adware.MSIL.Imali

4.0.3.15921

Bitdefender

Trojan.GenericKD.2662559

1.0.20.1320

Comodo Security

ApplicUnwnt

23211

Dr.Web

Trojan.Crossrider1.48337

9.0.1.0264

Emsisoft Anti-Malware

Trojan.GenericKD.2662559

8.15.09.21.03

ESET NOD32

MSIL/Adware.Imali (variant)

9.12234

Fortinet FortiGate

Dropper!tr

9/21/2015

F-Secure

Trojan.GenericKD.2662559

11.2015-21-09_2

G Data

Trojan.GenericKD.2662559

15.9.25

herdProtect (fuzzy)

variant of sdf5463.exe (Adware)

2015.10.4.0

IKARUS anti.virus

AdWare.MSIL.Imali

t3scan.1.9.5.0

K7 AntiVirus

Adware

13.210.17180

Kaspersky

not-a-virus:AdWare.MSIL.Agent

14.0.0.1392

Malwarebytes

Trojan.MSIL.Dropper

v2015.09.21.03

McAfee

RDN/Generic Dropper

5600.6635

MicroWorld eScan

Trojan.GenericKD.2662559

16.0.0.792

NANO AntiVirus

Riskware.Win32.NPXC3165.dvuucl

0.30.24.3283

nProtect

Trojan.GenericKD.2662559

15.09.10.01

Panda Antivirus

Trj/CI.A

15.09.21.03

Qihoo 360 Security

HEUR/QVM03.0.Malware.Gen

1.0.0.1015

Quick Heal

AdWare.MSIL.r3 (Not a Virus)

9.15.14.00

Sophos

Offer Installer (PUA)

4.98

SUPERAntiSpyware

Adware.Kazy/Variant

9616

Trend Micro House Call

ADW_CROSSRIDER

7.2.264

Trend Micro

ADW_CROSSRIDER

10.465.21

VIPRE Antivirus

Trojan.Win32.Generic

43650

Zillya! Antivirus

Adware.Agent.Win32.73374

2.0.0.2393

File size:

329 KB (336,896 bytes)

Product version:

1.0.0.1

Original file name:

SilentInstaller_dotnet4.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Documents and Settings\{user}\Local settings\temp\syk160.exe

File PE Metadata

Compilation timestamp:

8/18/2015 1:34:55 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:6GdrKKFZT8qbTR7SquD4L8vioH/X8i9DLnHWcefjVo8bS5VggXNLtVL:68rKOZwgVxGq86oH/MKvnolgggXNBx

Entry address:

0x531CE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 68, 00... 
[+]

Entropy:

7.8274

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

324.5 KB (332,288 bytes)

The file syk160.exe has been seen being distributed by the following URL.

http://deu04z3f41ov0.cloudfront.net/silentinstaller/.../SilentInstaller_dotnet4.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ec2-52-1-45-42.compute-1.amazonaws.com (52.1.45.42:80)

TCP (HTTP):

Connects to server-52-85-63-140.lhr50.r.cloudfront.net (52.85.63.140:80)

TCP (HTTP):

Connects to ns3055507.ip-193-70-8.eu (193.70.8.80:80)

TCP (HTTP):

Connects to dwl2.wizzlabs.com (94.23.199.17:80)

TCP (HTTP):

Connects to server-52-85-77-10.lax3.r.cloudfront.net (52.85.77.10:80)

TCP (HTTP):

Connects to sgsg04.proinity.net (103.254.155.219:80)

TCP (HTTP):

Connects to server-52-85-77-61.lax3.r.cloudfront.net (52.85.77.61:80)

TCP (HTTP):

Connects to ju171.jupiter.fastwebserver.de (89.163.148.171:80)

TCP (HTTP):

Connects to server-54-230-216-184.mrs50.r.cloudfront.net (54.230.216.184:80)

TCP (HTTP):

Connects to server-52-84-230-167.sfo9.r.cloudfront.net (52.84.230.167:80)

TCP (HTTP):

Connects to sgsg02.proinity.net (119.81.66.229:80)

TCP (HTTP):

Connects to sgsg01.proinity.net (119.81.66.215:80)

TCP (HTTP):

Connects to server-54-230-95-18.fra2.r.cloudfront.net (54.230.95.18:80)

TCP (HTTP):

Connects to server-52-85-83-67.lax1.r.cloudfront.net (52.85.83.67:80)

TCP (HTTP):

Connects to server-52-85-77-69.lax3.r.cloudfront.net (52.85.77.69:80)

TCP (HTTP):

Connects to server-52-85-77-4.lax3.r.cloudfront.net (52.85.77.4:80)

TCP (HTTP):

Connects to server-52-85-77-237.lax3.r.cloudfront.net (52.85.77.237:80)

TCP (HTTP):

Connects to server-52-84-246-247.sfo20.r.cloudfront.net (52.84.246.247:80)

Remove syk160.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.