mdquickyksvc.exe

ModenQuick Service

USENET

The application mdquickyksvc.exe, “ModenQuick Service Helper” by USENET, has been detected as a potentially unwanted program by 18 anti-malware scanners. It runs as a Windows service named “Windows MineService Update Class (yk)” in its own process. While running, it connects to the Internet address 192.193.28.185.gransy.com on port 80 using the HTTP protocol.
Publisher:
PT. USENET  (signed by USENET)

Product:
ModenQuick Service

Description:
ModenQuick Service Helper

Version:
1, 1, 37, 0

MD5:
bbadd68137c362d45fb93438ce91a35a

SHA-1:
6d5d6bbd25d6c865153398ad0b73dbde3dd5a9ab

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 6:18:21 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Adware.Kraddare | 7.1.1 |
| Avira AntiVirus | Adware/WinAgir.A.385 | 7.11.64.154 |
| avast! | Win32:Adware-AEX [Adw] | 2014.9-170217 |
| AVG | Generic5 | 2018.0.2465 |
| Bitdefender | Application.Generic.416440 | 1.0.20.240 |
| Comodo Security | UnclassifiedMalware | 15546 |
| ESET NOD32 | Win32/Adware.Kraddare.AI (variant) | 11.8108 |
| F-Secure | Application.Generic.416440 | 11.2017-17-02_6 |
| G Data | Application.Generic.416440 | 17.2.22 |
| IKARUS anti.virus | AdWare.Win32.WinAgir | t3scan.2.0.0.0 |
| Malwarebytes | Adware.Kraddare | v2017.02.17.02 |
| Microsoft Security Essentials | Adware:Win32/WinAgir | 1.163.1557.0 |
| MicroWorld eScan | Application.Generic.416440 | 18.0.0.144 |
| Panda Antivirus | Trj/CI.A | 17.02.17.02 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Jorik | 8587 |
| Trend Micro House Call | TROJ_GEN.RCBCDJO | 7.2.48 |
| Trend Micro | TROJ_GEN.RCBCDJO | 10.465.17 |
| VIPRE Antivirus | Trojan.Win32.Generic | 16000 |

File size:
105 KB (107,520 bytes)

Product version:
1, 1, 37, 0

Copyright:
Copyright (C) 2009

Trademarks:
ModenQuick

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\modenquick\mdquickyksvc.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/1/2011 9:00:00 AM

Valid to:
4/1/2012 8:59:59 AM

Subject:
CN=USENET, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=USENET, L=Kumingan Barat No.8, S=Jakarta, C=ID

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
135E046F1C85E3B019A1844C115E3464

File PE Metadata
Compilation timestamp:
12/7/2011 7:04:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x861E

Entry point:
55, 8B, EC, 6A, FF, 68, 08, 15, 41, 00, 68, 2C, D1, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 98, 11, 41, 00, 33, D2, 8A, D4, 89, 15, E0, F5, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, DC, F5, 41, 00, C1, E1, 08, 03, CA, 89, 0D, D8, F5, 41, 00, C1, E8, 10, A3, D4, F5, 41, 00, 33, F6, 56, E8, DA, 26, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, C4, 48, 00, 00, FF, 15, 94, 11, 41, 00, A3, AC, 0C, 42, 00, E8...
 

Entropy:
5.8836

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
64 KB (65,536 bytes)

Service
Display name:
Windows MineService Update Class (yk)

Service name:
Windows MineService Update Class 1.1.37.0

Description:
Enables the download and update of MineService.

Type:
Win32OwnProcess


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 192.193.28.185.gransy.com  (185.28.193.192:80)
