» SynciOSTransfer.exe
Overview
Analysis
File Details
Network (1)

SynciOSTransfer.exe

SynciOS Data Transfer

The executable SynciOSTransfer.exe has been detected as malware by 22 anti-virus scanners. While running, it connects to the Internet address mx0.anvsoft.com on port 80 using the HTTP protocol.

File name:

SynciOSTransfer.exe

Publisher:

SynciOS Data Transfer

Product:

SynciOS Data Transfer

Version:

1.1.4.1

MD5:

22c53349d4ebcfc6113b38ad8d5bd785

SHA-1:

68f0dc9897a83d5ccd47646019054fcecb0d24e7

SHA-256:

2c232befcae41f581c8baddd7d89ae5ce1010533ea6a020b96746cf08c84999b

Scanner detections:

22 / 68

Status:

Malware

Analysis date:

11/5/2024 6:39:43 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Packer.Enigma.A

528

Arcabit

Packer.Enigma.A

1.0.0.425

avast!

Win32:Malware-gen

2014.9-150826

Baidu Antivirus

Hacktool.Win32.EnigmaProtector

4.0.3.15826

Bitdefender

Packer.Enigma.A

1.0.20.1190

Bkav FE

HW32.Packed

1.3.0.6979

Emsisoft Anti-Malware

Packer.Enigma

8.15.08.26.10

ESET NOD32

Win32/Packed.EnigmaProtector.J suspicious (variant)

9.11898

Fortinet FortiGate

PossibleThreat

8/26/2015

F-Prot

W32/Heuristic-210

v6.4.7.1.166

F-Secure

Packer.Enigma.A

11.2015-26-08_4

G Data

Packer.Enigma

15.8.25

IKARUS anti.virus

Packer.Enigma.Generic

t3scan.1.9.5.0

K7 AntiVirus

Trojan

13.205.16474

Kaspersky

UDS:DangerousObject.Multi.Generic

14.0.0.1523

McAfee

Artemis!22C53349D4EB

5600.6662

MicroWorld eScan

Packer.Enigma.A

16.0.0.714

nProtect

Packer.Enigma.A

15.07.06.01

Qihoo 360 Security

HEUR/QVM18.1.Malware.Gen

1.0.0.1015

Trend Micro

TROJ_GEN.R08NC0OFP15

10.465.26

Vba32 AntiVirus

TrojanBanker.ChePro

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Packer.EnigmaProtector1.1X-1.3X

41772

File size:

2.1 MB (2,182,448 bytes)

Product version:

1.1.4

Original file name:

SynciOSTransfer.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

File PE Metadata

Compilation timestamp:

6/4/2015 5:37:11 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:e6v/nEJEwALH2s+nYuExB+KHrqRSNpyVd2lI5uXOU:e6nEHAz2zn1EvfFzyVS/X

Entry address:

0x8D599

Entry point:

55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, A7, 09, 56, 00, E1, 81, 93, 0C, E6, 64, D9, 70, 51, E4, 02, 81, 0C, C6, 34, 17, B1, 05, F7, 72, 74, B8, B7, 26, 04, 6F, B4, CC, C9, B3, 8C, C7, FC, 29, 6E, 83, 69, BD, 25, 32, 65, 01, DC, 1C, 89, 3D, 0A, E0, B5, D3, B9, 11, C6, BC, B0, ED, A4, 02, 3D, 1B, 92, C3, 62, 87, E2, 79, B9, D5, 5B, 3D, A2, DF, 24, 77, 0A, AF, 55, 4F, 22, 68, 01, 6F, A3, DC, E1, 20, 3E, 57, 01, 67, FB, DD, 3C, B7, 06, B8, 87, EB, C2, B5... 
[+]

Entropy:

7.9569

Developed / compiled with:

Microsoft Visual C++

Code size:

1.6 MB (1,700,352 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to mx0.anvsoft.com (206.190.141.79:80)

Remove SynciOSTransfer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.