Trojan.Symmy.W

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	9,134
Threat Level:	80 % (High)
Infected Computers:	189

First Seen:	August 10, 2021
Last Seen:	April 12, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Symmy.W
Signature status:	No Signature

Known Samples

MD5: 364ab5256d7deb3b7048a923a2095ce3

SHA1: 57b825b12e0100bad5e561b386995c9079a83984

SHA256: B95948AA62C5C891CCC62E5914ED8B65226A348D0AB72A52CED51AFE9EA14172

File Size: 5.89 MB, 5887488 bytes

MD5: 716e6b6fa8d3607367c66aeca324bbfe

SHA1: e035ab8eb51df185db7c92c4f7d870523bf91306

SHA256: 9AF8381CF39FC1F6AFA0BE16DD129AEABBD07739E8F8A2174D207204534405B0

File Size: 3.88 MB, 3876352 bytes

MD5: e8bd5f1fffb94e55ca894b4c1f177c39

SHA1: 373a31f41fb16786a9dd7688c4589e25de34b53b

SHA256: 4AF5CFBF2E3C128841C9EA59D6599A642B4A2711773C5AF1F1B7B05CBAC4DCDD

File Size: 4.63 MB, 4625103 bytes

MD5: 047d974555765dd62e6fdc491c214b14

SHA1: 0bceb2f8862741dfa76f678501c5b97dda6dcc32

SHA256: DA665B4A0177BB57006C68DDC2D59778D7D12C17143F502BB1EBDB5C89C119E7

File Size: 4.68 MB, 4675584 bytes

MD5: 52e70c4e4dc82349d46a67fd3f12b627

SHA1: e13d3f7300527ade2e29787d63b9b1da9661cc29

SHA256: B20BB2DA3C2F460449EFDF4634A88DE1EA132B4F6562869A0F53BB7CD3B93558

File Size: 3.88 MB, 3877888 bytes

MD5: 67da536a3e097efc1afd71513af27a77

SHA1: 51a9402df930fe32371e7434e5658d6f850e9a69

SHA256: 2DE69B63EFE8AB3CFEB1C7374C87CC145538F4C1AAD1F0D32FB6CA88E6F294AE

File Size: 4.01 MB, 4014080 bytes

MD5: 7006f861dd4c9cfb482edfe2b433e6ab

SHA1: 992a37a390d32cd64d1dd4e899d64853d59a9153

SHA256: 33EDB1D231437F0287B15B33D604F0785971F639852DE6050A606BB4A1B1BCED

File Size: 4.70 MB, 4702208 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	This installation was built with Inno Setup.
Company Name	Drobinski Maciej StrongRecovery Microsoft Synaptics
File Description	StrongRecovery Setup Synaptics Pointing Device Driver
File Version	4.6.4.1 1.00 1.0.0.4
Internal Name	Win
Original Filename	Win.exe
Product Name	StrongRecovery Synaptics Pointing Device Driver Win
Product Version	4.6.4.1 1.00 1.0.0.0

Digital Signatures

Signer	Root	Status
trust_45e5d4a0-d89e-412a-bf22-a6daa1091fad	trust_45e5d4a0-d89e-412a-bf22-a6daa1091fad	Self Signed

File Traits

2+ executable sections
dll
HighEntropy
No Version Info
x86

Files Modified

File	Attributes
c:\programdata\synaptics	Synchronize,Write Attributes
c:\programdata\synaptics\rcxac67.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\rcxbc60.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe	Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe	Synchronize,Write Data
c:\users\user\appdata\local\temp\qib11cw.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winsl	Synchronize,Write Attributes
c:\users\user\appdata\roaming\winsl\l1\8\2026	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_0bceb2f8862741dfa76f678501c5b97dda6dcc32_0004675584	Generic Read,Write Data,Write Attributes,Write extended,Append data

c:\users\user\downloads\._cache_0bceb2f8862741dfa76f678501c5b97dda6dcc32_0004675584	Synchronize,Write Attributes
c:\users\user\downloads\._cache_992a37a390d32cd64d1dd4e899d64853d59a9153_0004702208	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_992a37a390d32cd64d1dd4e899d64853d59a9153_0004702208	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::synaptics pointing device driver	C:\ProgramData\Synaptics\Synaptics.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Other Suspicious	SetWindowsHookEx
Service Control	OpenSCManager
Process Shell Execute	ShellExecuteEx
Process Manipulation Evasion	NtUnmapViewOfSection
Network Winsock2	WSAStartup WSAttemptAutodialName
User Data Access	GetUserObjectInformation
Network Winhttp	WinHttpOpen
Network Wininet	InternetOpen InternetOpenUrl InternetReadFile
Network Winsock	bind closesocket gethostbyname getsockname socket

Shell Command Execution


							runas c:\users\user\downloads\._cache_0bceb2f8862741dfa76f678501c5b97dda6dcc32_0004675584


							runas C:\ProgramData\Synaptics\Synaptics.exe InjUpdate


							runas c:\users\user\downloads\._cache_992a37a390d32cd64d1dd4e899d64853d59a9153_0004702208

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Symmy.W

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Trojan.Injector.KSB

Forestrievic.com

Pencetbnb.xyz

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen