home

winsysapp.exe

The application winsysapp.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address custip-1109.sedoparking.com on port 80 using the HTTP protocol.
MD5:
c852c40303f610a13433374cb4959693

SHA-1:
f10524a83c8dca43c2ae7c4af786dd2b4f49a72a

SHA-256:
4d9d7f1fe3b5ebf8b44cbf54045f647d6d66fcf62c7c98d29cb8012988942bb1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 3:57:01 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.WinAlert (M)
17.3.14.7

File size:
464 KB (475,136 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x5581

Entry point:
8D, 2D, 70, 3E, 9F, 71, C6, C6, 47, 34, 1D, 0F, AF, F7, B6, C7, 8A, DC, 70, 04, 30, F6, F3, F2, 69, D6, C6, EE, 5F, 13, 30, C8, 85, C3, 2D, 35, 5F, C0, 5C, 0F, BE, DD, 2B, D2, BE, AD, BE, 00, 00, 8A, FB, 89, DF, 80, F6, A6, 81, F6, 20, 23, 00, 00, 20, C0, 30, EA, 81, F6, CB, 0C, 00, 00, 77, 05, B7, 65, 0F, AF, D0, 6B, C9, 00, 8B, D8, 88, CA, 0F, C1, F1, 88, E4, C7, C7, 1F, C1, 05, 9D, 81, C1, 64, 0A, 00, 00, 1B, EB, 0F, AF, CE, 87, D3, 68, BD, AA, 5A, 00, 56, 49, 0F, B6, CD, 85, F7, 85, D1, 69, CB, 31, 64...
 
[+]

Entropy:
7.0909

Code size:
20 KB (20,480 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static-199-27-179-185.megatrhost.com  (185.179.27.199:80)

TCP (HTTP):
Connects to fm.interiowo.pl  (217.74.66.160:80)

TCP (HTTP):
Connects to custip-1109.sedoparking.com  (91.195.240.109:80)

TCP (HTTP):
Connects to 213.202.229.103.static.rdns-uclo.net  (213.202.229.103:80)

Remove winsysapp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.