sysmon.exe

Viatlio Corporation

The executable sysmon.exe has been detected as malware by 23 of the 68 anti-virus scanners listed below. It persists as a Windows Task Scheduler task named Sysmon (registered under the \Update folder) with a logon trigger, so it is launched each time a user logs in, and it is dropped to C:\ProgramData\sysmon.exe. The name imitates Sysinternals System Monitor (Sysmon), but the genuine tool is signed by Microsoft and installs itself as a Windows service, not as a scheduled task launching a binary under ProgramData. This file is a .NET executable whose Authenticode certificate is self-signed (subject and issuer are identical, see Digital Signature below) and expired on 4/3/2017, so the presence of a signature is not a mark of trust. The engine version strings in the detection table date from April 2016; the 23/68 count reflects that scan rather than current signature sets.
Publisher:
Viatlio Corporation  (signed, but self-signed: the certificate's subject and issuer are identical, so it does not chain to a trusted CA)

MD5:
7bfd6b3dc651752573614d7db2f419d6

SHA-1:
7f188e9e02ed08603c07ef92bc0ae8b69d87fad1

SHA-256:
6fd9049fea0ea4621a9dea58d69ba1f2fbdb2e6571dee6ddfae741250749d9d5

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
11/27/2024 5:42:21 PM UTC

Scan engine                   Detection                           Engine version
------------------------------------------------------------------------------
Lavasoft Ad-Aware             Gen:Variant.Razy.37189              284
Avira AntiVirus               TR/Dropper.MSIL.wvkb                8.3.3.4
Arcabit                       Trojan.Razy.D9145                   1.0.0.672
avast!                        Win32:Malware-gen                   2014.9-160425
AVG                           MSIL10                              2017.0.2762
Baidu Antivirus               Win32.Trojan.WisdomEyes.151026.9950 4.0.3.16425
Bitdefender                   Gen:Variant.Razy.37189              1.0.20.580
Emsisoft Anti-Malware         Gen:Variant.Razy.37189              8.16.04.25.07
ESET NOD32                    MSIL/Injector.OUU (variant)         10.13383
Fortinet FortiGate            MSIL/Injector.OSK!tr                4/25/2016
F-Secure                      Gen:Variant.Razy.37189              11.2016-25-04_2
G Data                        Gen:Variant.Razy.37189              16.4.25
IKARUS anti.virus             Trojan.MSIL.Injector                t3scan.2.0.9.0
K7 AntiVirus                  Trojan                              13.222.19405
Kaspersky                     HEUR:Trojan.Win32.Generic           14.0.0.306
McAfee                        Trojan-FIHN!7BFD6B3DC651            5600.6418
Microsoft Security Essentials VirTool:MSIL/Injector.IX            1.1.12603.0
MicroWorld eScan              Gen:Variant.Razy.37189              17.0.0.348
Qihoo 360 Security            HEUR/QVM03.0.Malware.Gen            1.0.0.1120
Rising Antivirus              PE:Malware.Generic/QRS!1.9E2D [F]   23.00.65.16423
Trend Micro                   TROJ_GEN.R02KC0VDF16                10.465.25
VIPRE Antivirus               Trojan.Win32.Generic                48882
Zillya! Antivirus             Backdoor.AndromCRTD.Win32.2         2.0.0.2809

File size:
542.5 KB (555,528 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\sysmon.exe

Digital Signature
Authority:
Viatlio Corporation

Valid from:
4/2/2016 7:02:53 PM

Valid to:
4/3/2017 7:02:53 PM

Subject:
E=viat@lio.com, CN=Viat Lio, OU=NAS Dept., O=Viatlio Corporation, L=Sydney, S=New South Wales, C=AU

Issuer:
E=viat@lio.com, CN=Viat Lio, OU=NAS Dept., O=Viatlio Corporation, L=Sydney, S=New South Wales, C=AU

Serial number:
00F2C8FB738509EF37

File PE Metadata
Compilation timestamp:
4/10/2016 4:08:09 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:4U3QgeLllITJuuk3wvdfiEWSaN2k3Ewo0Yl:/Ageh2QukgoESN2kUwBYl

Entry address:
0x7DDBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 02, 00, 03, 00, 00, 00, 20, 00, 00, 80, 0E, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00...
The first six bytes, FF 25 00 20 40 00, decode to jmp dword ptr [0x402000]: the standard native stub of a .NET executable, which jumps through the import table into mscoree.dll's _CorExeMain so that the CLR loads the managed entry point. The rest of the bytes shown are padding and resource-directory data, not code.

Entropy:
7.9073
A value this close to the 8.0 maximum means most of the file is compressed or encrypted, which matches the Injector and Dropper verdicts above: the bulk of the file is a packed payload rather than plain .NET code.

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
495.5 KB (507,392 bytes)

Scheduled Task
Task name:
Sysmon

Path:
\Update\Sysmon

Trigger:
Logon (Runs on logon)
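The indicators above (a task named Sysmon under \Update with a logon trigger, the payload path under C:\ProgramData, the SHA-256 and the self-signed certificate) can be checked on a suspect host in one pass. The following PowerShell triage function is an added example, not code from this report or from Reason Core Security. It assumes Windows 8 / Server 2012 or later with the ScheduledTasks module and an elevated Windows PowerShell 5.1 (or later) session; the function name Test-SysmonTaskPersistence and its -Remediate switch are our own choices, and the indicator values are copied from the report.

```powershell
# Added host-triage example. Not code from the report above nor from Reason Core Security;
# it only reuses the indicators the report lists. Assumes Windows PowerShell 5.1 or later with the
# ScheduledTasks module (Windows 8 / Server 2012 onward), run from an elevated prompt.
# The function name Test-SysmonTaskPersistence and the -Remediate switch are our own choices.

# Indicators of compromise copied from the report.
$ReportedTaskPath = '\Update\'          # Task Scheduler folder; the report shows the task as \Update\Sysmon
$ReportedTaskName = 'Sysmon'
$ReportedFilePath = 'C:\ProgramData\sysmon.exe'
$ReportedSha256   = '6FD9049FEA0EA4621A9DEA58D69BA1F2FBDB2E6571DEE6DDFAE741250749D9D5'

function Test-SysmonTaskPersistence {
    [CmdletBinding()]
    param(
        [switch]$Remediate   # when set, unregister the task and rename the file, but only on an exact hash match
    )

    $result = [ordered]@{
        TaskFound       = $false
        TaskRunsOnLogon = $false
        TaskExecutable  = $null
        FileExists      = $false
        Sha256          = $null
        HashMatchesIoc  = $false
        SignatureStatus = $null
        SelfSigned      = $false
        CertExpired     = $false
        Verdict         = 'clean'
    }

    # 1. Persistence: look for the scheduled task exactly where the report places it.
    $task = Get-ScheduledTask -TaskPath $ReportedTaskPath -TaskName $ReportedTaskName -ErrorAction SilentlyContinue
    $candidate = $ReportedFilePath
    if ($task) {
        $result.TaskFound = $true
        # A logon trigger is the MSFT_TaskLogonTrigger CIM class; other trigger types use other class names.
        $result.TaskRunsOnLogon = [bool]($task.Triggers | Where-Object { $_.CimClass.CimClassName -eq 'MSFT_TaskLogonTrigger' })
        # Take the executable from the task action rather than trusting the reported path alone:
        # a variant could register the same task name with a different payload location.
        $exec = ($task.Actions | Select-Object -First 1).Execute
        if ($exec) { $candidate = [Environment]::ExpandEnvironmentVariables($exec.Trim('"')) }
        $result.TaskExecutable = $candidate
    }

    # 2. Payload: hash the file the task would launch and compare it with the report's SHA-256.
    if (Test-Path -LiteralPath $candidate -PathType Leaf) {
        $result.FileExists = $true
        $result.Sha256 = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
        $result.HashMatchesIoc = ($result.Sha256 -eq $ReportedSha256)

        # 3. Signature: "signed" is not "trusted". The report's certificate has identical subject and
        #    issuer (self-signed) and expired on 4/3/2017, so Windows will not report it as Valid.
        $sig = Get-AuthenticodeSignature -LiteralPath $candidate
        $result.SignatureStatus = $sig.Status.ToString()
        if ($sig.SignerCertificate) {
            $result.SelfSigned  = ($sig.SignerCertificate.Subject -eq $sig.SignerCertificate.Issuer)
            $result.CertExpired = ($sig.SignerCertificate.NotAfter -lt (Get-Date))
        }
    }

    # 4. Verdict. Genuine Sysinternals Sysmon runs as a service, is Microsoft-signed and is not registered
    #    from \Update; a task of that name launching an unsigned or self-signed binary is suspicious even
    #    when the hash differs from the report (a rebuilt sample changes the hash, not the technique).
    if ($result.HashMatchesIoc) {
        $result.Verdict = 'known-malicious (hash match)'
    } elseif ($result.TaskFound -and ($result.SelfSigned -or $result.SignatureStatus -ne 'Valid')) {
        $result.Verdict = 'suspicious (Sysmon-named task launching untrusted binary)'
    }

    if ($Remediate -and $result.HashMatchesIoc) {
        if ($task) { Unregister-ScheduledTask -TaskPath $ReportedTaskPath -TaskName $ReportedTaskName -Confirm:$false }
        # Keep the sample for forensics instead of deleting it; renaming also breaks the task's action path.
        Rename-Item -LiteralPath $candidate -NewName ('sysmon.exe.quarantined-' + (Get-Date -Format 'yyyyMMddHHmmss'))
    }

    [pscustomobject]$result
}

Test-SysmonTaskPersistence | Format-List
```

Run it without -Remediate first and read the object it returns. The Verdict field separates an exact hash match from the broader pattern of a Sysmon-named task launching an untrusted binary, because a recompiled variant changes the hash but keeps the persistence technique; a task of this shape has no legitimate reason to exist, since real Sysmon is Microsoft-signed and runs as a service.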


Remove sysmon.exe - Powered by Reason Core Security