winsysapp.exe

The application winsysapp.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WindowMessenger’. While running, it connects to the Internet address hostedc40.carrierzone.com on port 80 using the HTTP protocol.
MD5:
9e9719a9c15a7e34a32fd12ed925fc9f

SHA-1:
5dd6d67f7f0166e4b2e94dd86205123561e59e12

SHA-256:
e451104b5a0213cd500edc9e8198c0348e277a8a4af0c13b7ffe036c015542ad

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 12:32:28 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WinAlert (M)

Engine version:
17.2.15.13

File size:
584.5 KB (598,524 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
8/25/1995 5:55:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x64000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, 1E, A5, 01, 20, 2B, 85, 85, AC, 01, 20, 89, 85, 81, AC, 01, 20, B0, 00, 86, 85, B6, AE, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, B1, AD, 01, 20, 00, 74, 33, 83, BD, B5, AD, 01, 20, 00, 74, 2A, 8B, 85, 81, AC, 01, 20, 2B, 85, B1, AD, 01, 20, 8B, 00, 89, 85, EE, AD, 01, 20, 8B, 85, 81, AC, 01, 20, 2B, 85, B5, AD, 01, 20, 8B, 00, 89, 85, F2, AD, 01, 20, EB, 61, 83, BD, B9, AD, 01, 20, 00, 74, 58, 8B, 85, 81, AC, 01, 20, 2B, 85, B9, AD, 01, 20, FF, 30, 8D, 85...

Entropy:
7.2724

Packer / compiler:
ASPack v1.08.04

Code size:
20 KB (20,480 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WindowMessenger

Command:
C:\recycler\{random}\winsysapp.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hostedc40.carrierzone.com (64.29.151.221:80)

Remove winsysapp.exe - Powered by Reason Core Security