idscservice.exe

The application idscservice.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘IDSCPRODUCT’. While running, it connects to the Internet address dwl2.wizzlabs.com on port 80 using the HTTP protocol.
Description:
mezyen

Version:
2.1.2.1

MD5:
bb5a007ed10bcd3daf4b101bd5db8f45

SHA-1:
f11ddc5496a06b37a39b472678fb6f696b789e68

SHA-256:
bca3df7a1854e5ed088406e8c41c8863daa079d858f4c3dd423cb56e40753f12

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 12:46:06 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SpaceSoundPro.Meta (M)

Engine version:
16.4.6.4

File size:
672 KB (688,128 bytes)

Product version:
2.1.2.1

Copyright:
Copyright@2016

Original file name:
Ssapybzzix.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\hostify\idscservice.exe

File PE Metadata
Compilation timestamp:
4/6/2016 9:08:06 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
48.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:68gj9PxgcIhd3uEisneuA+gvScobakcnYfvVs0uOTqFf8gflK:VgjAh3uEiseuA3v/kcw9s0vOh8gfw

Entry address:
0x6DB8A

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.1973

Code size:
431 KB (441,344 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
IDSCPRODUCT

Command:
"C:\Program Files\hostify\idscservice.exe"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-184-168-221-39.ip.secureserver.net  (184.168.221.39:80)

TCP (HTTP):
Connects to dwl2.wizzlabs.com  (94.23.199.17:80)

TCP (HTTP):
Connects to mess5.wizzlabs.com  (176.31.106.195:80)

TCP (HTTP):
Connects to mess3.wizzlabs.com  (176.31.252.54:80)

TCP (HTTP):
Connects to dwl1.wizzlabs.com  (46.105.121.115:80)
