system.exe..

The file system.exe.. has been detected as malware by 36 anti-virus scanners. It is set to start automatically when a user logs into Windows via the current-user Run registry key, under the display name ‘5a5a9a89a1f599bcd4ac837d5a114bbd’. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other malicious software, or to steal sensitive information.
MD5:
6f623a7c14ee033b8897283ebb836f45

SHA-1:
df18ffd95fe2175423c0010b50438e46f86fef2c

SHA-256:
31f59af79a0efb3cb3f92010c5c804bf509bc8ff1f2dd16c79fe0f6243cc2c4f

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
11/29/2024 4:43:00 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Generic.MSIL.Bladabindi.4A412183 | -40 |
| AegisLab AV Signature | Troj.W32.Gen.lZFZ | 2.1.4+ |
| AhnLab V3 Security | Trojan/Win32.Generic.R108665 | 3.8.3.16 |
| Avira AntiVirus | TR/ATRAPS.Gen | 8.3.3.4 |
| Arcabit | Generic.MSIL.Bladabindi.4A412183 | 1.0.0.795 |
| avast! | MSIL:Agent-CTT [Trj] | 2014.9-170316 |
| AVG | PSW.ILUSpy | 2018.0.2438 |
| Baidu Antivirus | MSIL.Backdoor.Bladabindi | 4.0.3.17316 |
| Bitdefender | Generic.MSIL.Bladabindi.4A412183 | 1.0.20.375 |
| Clam AntiVirus | Win.Trojan.B-468 | 0.99.211 |
| Comodo Security | TrojWare.MSIL.Bladabindi.KX | 26695 |
| Dr.Web | Trojan.DownLoader10.25626 | 9.0.1.075 |
| Emsisoft Anti-Malware | Generic.MSIL.Bladabindi.4A412183 | 8.17.03.16.08 |
| ESET NOD32 | MSIL/Bladabindi.AS (variant) | 11.15029 |
| Fortinet FortiGate | MSIL/Agent.PPV!tr | 3/16/2017 |
| F-Prot | W32/MSIL_Bladabindi.A2.gen | v6.4.7.1.166 |
| F-Secure | Generic.MSIL.Bladabindi.4A412183 | 11.2017-16-03_5 |
| G Data | Generic.MSIL.Bladabindi.4A412183 | 17.3.25 |
| IKARUS anti.virus | Trojan.MSIL.Bladabindi | 0.2.1.2 |
| K7 AntiVirus | Trojan | 13.10.3.22610 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-1317 |
| Malwarebytes | Trojan.Agent.MSIL | v2017.03.16.08 |
| McAfee | Trojan-FIGN | 5600.6094 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AJ | 1.1.13504.0 |
| MicroWorld eScan | Generic.MSIL.Bladabindi.4A412183 | 18.0.0.225 |
| NANO AntiVirus | Trojan.Win32.DownLoader10.ctopxm | 1.0.70.15657 |
| Panda Antivirus | Trj/GdSda.A | 17.03.16.08 |
| Qihoo 360 Security | HEUR/QVM03.0.0000.Malware.Gen | 1.0.0.1120 |
| Quick Heal | Backdoor.Bladabindi.AL3 | 3.17.14.00 |
| Sophos | Mal/Bbindi-C | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Barys | 8532 |
| Total Defense | Win32/DotNetDl.A!generic | 37.1.62.1 |
| Trend Micro House Call | BKDR_BLADABI.SMC | 7.2.75 |
| Trend Micro | BKDR_BLADABI.SMC | 10.465.16 |
| VIPRE Antivirus | Backdoor.MSIL.Bladabindi.a | 56382 |
| Zillya! Antivirus | Trojan.Bladabindi.Win32.15140 | 2.0.0.3221 |

File size:
28.5 KB (29,184 bytes)

Common path:
C:\windows\system.exe..

File PE Metadata
Compilation timestamp:
2/8/2017 10:35:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x890E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
26.5 KB (27,136 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
5a5a9a89a1f599bcd4ac837d5a114bbd

Command:
"C:\windows\system.exe"..


Remove system.exe.. - Powered by Reason Core Security