mdruyksvc.exe

ModernRu Service

USENET

The application mdruyksvc.exe, “ModernRu Service Helper” by USENET, has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a standalone Windows service (in its own process) named “Windows MineService Update Class (yk)”. While running, it connects to the Internet address 192.193.28.185.gransy.com on port 80 using the HTTP protocol.
Publisher:
PT. USENET  (signed by USENET)

Product:
ModernRu Service

Description:
ModernRu Service Helper

Version:
1, 1, 37, 0

MD5:
b6a44ff51af67ed0f2ab27f748f412e7

SHA-1:
dbc72dd1e6f29947c90cd34481ea6086e75b597b

SHA-256:
25e40b915dbf96433810c91b87979f0bf1e3647595a599d68b2cb96d9d601d49

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/2/2024 7:17:43 PM UTC

Scan engine     Detection                                Engine version
AVG             Adware Generic5.XNM                      2013.0.4756
Dr.Web          Trojan.Adkor.342                         9.0.1.05190
ESET NOD32      Win32/Adware.Kraddare.AI application     6.3.12010.0

File size:
105 KB (107,504 bytes)

Product version:
1, 1, 37, 0

Copyright:
Copyright (C) 2009

Trademarks:
ModernRu

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\modernru\mdruyksvc.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/31/2011 7:00:00 PM

Valid to:
3/31/2012 6:59:59 PM

Subject:
CN=USENET, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=USENET, L=Kumingan Barat No.8, S=Jakarta, C=ID

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
135E046F1C85E3B019A1844C115E3464

File PE Metadata
Compilation timestamp:
12/7/2011 4:04:26 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x861E

Entry point:
55, 8B, EC, 6A, FF, 68, 08, 15, 41, 00, 68, 2C, D1, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 98, 11, 41, 00, 33, D2, 8A, D4, 89, 15, C0, F5, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, BC, F5, 41, 00, C1, E1, 08, 03, CA, 89, 0D, B8, F5, 41, 00, C1, E8, 10, A3, B4, F5, 41, 00, 33, F6, 56, E8, DA, 26, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, C4, 48, 00, 00, FF, 15, 94, 11, 41, 00, A3, 8C, 0C, 42, 00, E8...

Entropy:
5.8819

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
64 KB (65,536 bytes)

Service
Display name:
Windows MineService Update Class (yk)

Service name:
Windows MineService Update Class 1.1.37.0

Description:
Enables the download and update of MineService.

Type:
Win32OwnProcess

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 192.193.28.185.gransy.com  (185.28.193.192:80)

TCP (HTTP):
Connects to 104.238.158.235.vultr.com  (104.238.158.235:80)

Powered by Reason Core Security