system.exe

Microsoft Windows

Microsoft inc

It is set to execute automatically when any user logs into Windows (through the local user run registry setting), under the entry name ‘Adobe’.

Publisher:
Microsoft inc

Product:
Microsoft Windows

Description:
Microsoft Windows Apps

Version:
24.1.2.0

MD5:
27d1ac95aac0255b325284d31202c5df

SHA-1:
7990681fed4048570b2ffc018dae52c8de55feec

SHA-256:
6fa0bcaa5fe52a53fe50955bf5104c71aab94b99b637ee4e46981246eb1ddb81

Scanner detections:
9 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/19/2024 11:23:20 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Bkav FE | W32.SalideD.Trojan | 1.3.0.4959 |
| Fortinet FortiGate | W32/Krypt.OOQ!tr | 6/13/2014 |
| McAfee | Artemis!27D1AC95AAC0 | 5600.7101 |
| NANO AntiVirus | Riskware.Win32.HideExec.cqobuz | 0.28.0.59921 |
| Panda Antivirus | Trj/Dtcontx.I | 14.06.13.07 |
| Qihoo 360 Security | HEUR/Malware.QVM07.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Sulunch!6.665 | 23.00.65.14611 |
| Trend Micro House Call | TROJ_GEN.F47V0524 | 7.2.164 |
| Vba32 AntiVirus | Trojan.Siscos | 3.12.26.0 |

File size:
61.1 KB (62,543 bytes)

Product version:
24.1.2.0

Copyright:
Microsoft inc

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\windows multimedia platform\system.exe

File PE Metadata
Compilation timestamp:
2/26/2013 9:39:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:pylfdxBCi4imGYRd43JfnPOlBAgW7nhsqzdjqiB9V1/IeAlqYWoPiZ:pytL48YRd43J/L7O2T/foI

Entry address:
0x5FE4

Entry point:
55, 8B, EC, 6A, FF, 68, E0, C0, 40, 00, 68, 28, 83, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 4C, C0, 40, 00, 33, D2, 8A, D4, 89, 15, FC, C5, F0, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, F8, C5, F0, 00, C1, E1, 08, 03, CA, 89, 0D, F4, C5, F0, 00, C1, E8, 10, A3, F0, C5, F0, 00, 33, F6, 56, E8, B1, 21, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, C4, 0D, 00, 00, FF, 15, 48, C0, 40, 00, A3, 64, DB, F0, 00, E8...
 

Entropy:
5.9291

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
44 KB (45,056 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Adobe

Command:
C:\Program Files\windows multimedia platform\system.exe


Scan system.exe - Powered by Reason Core Security