sys.exe

流量精灵

精灵软件

The application sys.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. While running, it connects to the Internet address pfs-lb1c.srv.proceau.net on port 80 using the HTTP protocol.
Publisher:
精灵软件

Product:
流量精灵

Version:
2014.10.10.101

MD5:
e9c877622141b1d7544c0350f9ef3f5f

SHA-1:
9f24efa8a1f511f9421e662e0e5eb5a6a95a3149

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 1:57:43 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
Trojan/Win32.Clicker
2015.03.10

Avira AntiVirus
TR/Rogue.639488.4
7.11.215.140

Baidu Antivirus
Hacktool.Win32.FlowSpirit
4.0.3.15312

Dr.Web
Trojan.DownLoader11.37669
9.0.1.071

ESET NOD32
Win32/FlowSpirit.H potentially unsafe (variant)
9.11295

Fortinet FortiGate
Riskware/FlowSpirit
3/12/2015

IKARUS anti.virus
Trojan.Rogue
t3scan.1.8.6.0

K7 AntiVirus
Trojan
13.200.15211

McAfee
RDN/Generic PUP.x!c2d
5600.6829

NANO AntiVirus
Trojan.Win32.FlowSpirit.dgozjr
0.30.0.296

Qihoo 360 Security
HEUR/QVM09.0.Malware.Gen
1.0.0.1015

Sophos
Generic PUA JP
4.98

Trend Micro House Call
TROJ_GEN.F0C2C00B215
7.2.71

Trend Micro
TROJ_GEN.F0C2C00B215
10.465.12

VIPRE Antivirus
Trojan.Win32.Generic
38286

File size:
624.5 KB (639,488 bytes)

Product version:
4.0.4.1

Copyright:
Copyright 2012 Spiritsoft All Rights Reserved.

Original file name:
jingling.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (PRC)

File PE Metadata
Compilation timestamp:
10/10/2014 10:14:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:xBWWb/JKDPHGz9Dv4EcBCTmvF2W0O3sBlox3hT0GunF5SV65RQ0:fTKDPHGz9Dv4DCTmv8fOC6LTbunF5SV8

Entry address:
0x4FDE6

Entry point:
E8, F7, BF, 00, 00, E9, 17, FE, FF, FF, 8D, 42, FF, 5B, C3, 8D, A4, 24, 00, 00, 00, 00, 8D, 64, 24, 00, 33, C0, 8A, 44, 24, 08, 53, 8B, D8, C1, E0, 08, 8B, 54, 24, 08, F7, C2, 03, 00, 00, 00, 74, 15, 8A, 0A, 83, C2, 01, 3A, CB, 74, CF, 84, C9, 74, 51, F7, C2, 03, 00, 00, 00, 75, EB, 0B, D8, 57, 8B, C3, C1, E3, 10, 56, 0B, D8, 8B, 0A, BF, FF, FE, FE, 7E, 8B, C1, 8B, F7, 33, CB, 03, F0, 03, F9, 83, F1, FF, 83, F0, FF, 33, CF, 33, C6, 83, C2, 04, 81, E1, 00, 01, 01, 81, 75, 1C, 25, 00, 01, 01, 81, 74, D3, 25...
 
[+]

Entropy:
6.5012

Code size:
435.5 KB (445,952 bytes)

Windows Firewall Allowed Program
Name:
C:\Documents and Settings\Admin\Desktop\sys.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to unknown.telstraglobal.net  (210.176.46.50:80)

TCP (HTTP SSL):
Connects to a23-223-99-101.deploy.static.akamaitechnologies.com  (23.223.99.101:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-mrs1.fbcdn.net  (31.13.75.12:443)

TCP (HTTP):
Connects to server-52-85-47-160.mad50.r.cloudfront.net  (52.85.47.160:80)

TCP (HTTP):
Connects to pages-wildcard.weebly.com  (199.34.228.54:80)

TCP (HTTP SSL):
Connects to edge-star-shv-01-mrs1.facebook.com  (31.13.75.8:443)

TCP (HTTP):
Connects to edge-star-mini-shv-01-mrs1.facebook.com  (31.13.75.36:80)

TCP (HTTP):
Connects to ec2-52-214-100-0.eu-west-1.compute.amazonaws.com  (52.214.100.0:80)

TCP (HTTP):
Connects to ec2-35-160-151-114.us-west-2.compute.amazonaws.com  (35.160.151.114:80)

TCP (HTTP SSL):
Connects to a23-214-210-7.deploy.static.akamaitechnologies.com  (23.214.210.7:443)

TCP (HTTP):
Connects to web13.easyname.com  (185.51.8.56:80)

TCP (HTTP):
Connects to cpro6100.publiccloud.com.br  (186.202.70.125:80)

TCP (HTTP):
Connects to xx-fbcdn-shv-01-fra3.fbcdn.net  (31.13.93.7:80)

TCP (HTTP):
Connects to pfs-lb1c.srv.proceau.net  (195.20.15.35:80)

TCP (HTTP):
Connects to host.lievanosan.com  (64.150.189.114:80)

TCP (HTTP):
Connects to 163-172-15-89.rev.poneytelecom.eu  (163.172.15.89:80)

TCP (HTTP):
Connects to server-54-230-197-190.lhr50.r.cloudfront.net  (54.230.197.190:80)

TCP (HTTP SSL):
Connects to server.skylayers.com  (148.251.30.113:443)

TCP (HTTP):
Connects to IZU17D6GWZOZ  (47.88.22.102:80)

TCP (HTTP):
Connects to ec2-52-30-190-220.eu-west-1.compute.amazonaws.com  (52.30.190.220:80)

Remove sys.exe - Powered by Reason Core Security