SynciOSTransfer.exe

SynciOS Data Transfer

The executable SynciOSTransfer.exe has been detected as malware by 22 anti-virus scanners. While running, it connects to the Internet address mx0.anvsoft.com on port 80 using the HTTP protocol.
Publisher:
SynciOS Data Transfer

Product:
SynciOS Data Transfer

Version:
1.1.4.1

MD5:
22c53349d4ebcfc6113b38ad8d5bd785

SHA-1:
68f0dc9897a83d5ccd47646019054fcecb0d24e7

SHA-256:
2c232befcae41f581c8baddd7d89ae5ce1010533ea6a020b96746cf08c84999b

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
11/5/2024 6:39:43 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Packer.Enigma.A | 528 |
| Arcabit | Packer.Enigma.A | 1.0.0.425 |
| avast! | Win32:Malware-gen | 2014.9-150826 |
| Baidu Antivirus | Hacktool.Win32.EnigmaProtector | 4.0.3.15826 |
| Bitdefender | Packer.Enigma.A | 1.0.20.1190 |
| Bkav FE | HW32.Packed | 1.3.0.6979 |
| Emsisoft Anti-Malware | Packer.Enigma | 8.15.08.26.10 |
| ESET NOD32 | Win32/Packed.EnigmaProtector.J suspicious (variant) | 9.11898 |
| Fortinet FortiGate | PossibleThreat | 8/26/2015 |
| F-Prot | W32/Heuristic-210 | v6.4.7.1.166 |
| F-Secure | Packer.Enigma.A | 11.2015-26-08_4 |
| G Data | Packer.Enigma | 15.8.25 |
| IKARUS anti.virus | Packer.Enigma.Generic | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.205.16474 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.1523 |
| McAfee | Artemis!22C53349D4EB | 5600.6662 |
| MicroWorld eScan | Packer.Enigma.A | 16.0.0.714 |
| nProtect | Packer.Enigma.A | 15.07.06.01 |
| Qihoo 360 Security | HEUR/QVM18.1.Malware.Gen | 1.0.0.1015 |
| Trend Micro | TROJ_GEN.R08NC0OFP15 | 10.465.26 |
| Vba32 AntiVirus | TrojanBanker.ChePro | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Packer.EnigmaProtector1.1X-1.3X | 41772 |

File size:
2.1 MB (2,182,448 bytes)

Product version:
1.1.4

Copyright:
TODO: (c) syncios.com. All rights reserved.

Original file name:
SynciOSTransfer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
6/4/2015 5:37:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:e6v/nEJEwALH2s+nYuExB+KHrqRSNpyVd2lI5uXOU:e6nEHAz2zn1EvfFzyVS/X

Entry address:
0x8D599

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, A7, 09, 56, 00, E1, 81, 93, 0C, E6, 64, D9, 70, 51, E4, 02, 81, 0C, C6, 34, 17, B1, 05, F7, 72, 74, B8, B7, 26, 04, 6F, B4, CC, C9, B3, 8C, C7, FC, 29, 6E, 83, 69, BD, 25, 32, 65, 01, DC, 1C, 89, 3D, 0A, E0, B5, D3, B9, 11, C6, BC, B0, ED, A4, 02, 3D, 1B, 92, C3, 62, 87, E2, 79, B9, D5, 5B, 3D, A2, DF, 24, 77, 0A, AF, 55, 4F, 22, 68, 01, 6F, A3, DC, E1, 20, 3E, 57, 01, 67, FB, DD, 3C, B7, 06, B8, 87, EB, C2, B5...
 

Entropy:
7.9569

Developed / compiled with:
Microsoft Visual C++

Code size:
1.6 MB (1,700,352 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to mx0.anvsoft.com  (206.190.141.79:80)
