windihepssvc.exe

ModinHeps Service

USENET

The application windihepssvc.exe, “ModinHeps Diagnostics Service” by USENET, has been detected as a potentially unwanted program by 24 of 68 anti-malware scanners; the most common labels are Adware.Symmi and Adware/Riskware.Kraddare. It runs as a Windows service in its own process (Win32OwnProcess) under the display name “Windows MineService Diagnostics Service”. While running, it connects to 192.193.28.185.gransy.com (185.28.193.192) on TCP port 80 over HTTP. The binary is signed with a VeriSign Class 3 code-signing certificate issued to USENET (Jakarta, ID) that was valid from 4/1/2011 to 4/1/2012; the compilation timestamp, 12/7/2011, falls inside that window, but whether the signature still verifies after expiry depends on a timestamp countersignature, which this record does not show.
Publisher:
PT.USENET  (signed by USENET)

Product:
ModinHeps Service

Description:
ModinHeps Diagnostics Service

Version:
1, 0, 0, 9

MD5:
8ca4aa9d18e56b152e5b205f39d1c9c2

SHA-1:
d4e31a99d2df9977ba26c18c49d954cd99131237

SHA-256:
7e97173d83cca2a62c80030f1811c2d35cc6aec15438c8a3e8a3ae6d45f52f45

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 12:28:38 AM UTC

Scan engine             Detection                             Engine version
----------------------- ------------------------------------- ---------------
Lavasoft Ad-Aware       Gen:Variant.Adware.Symmi.10902        179
AhnLab V3 Security      PUP/Win32.ModernPlus                  2016.06.20
Avira AntiVirus         SPR/Tool.86928.7                      8.3.3.4
Arcabit                 Trojan.Adware.Symmi.D2A96             1.0.0.741
avast!                  Win32:Adware-ADQ [PUP]                2014.9-160808
AVG                     Generic5                              2017.0.2657
Baidu Antivirus         Win32.Trojan.WisdomEyes.151026.9950   4.0.3.1688
Bitdefender             Gen:Variant.Adware.Symmi.10902        1.0.20.1105
Bkav FE                 W32.HfsAdware                         1.3.0.8042
Comodo Security         UnclassifiedMalware                   25289
Dr.Web                  Trojan.Adkor.342                      9.0.1.0221
Emsisoft Anti-Malware   Gen:Variant.Adware.Symmi.10902        8.16.08.08.02
ESET NOD32              Win32/Adware.Kraddare.FQ (variant)    10.13672
Fortinet FortiGate      Riskware/Kraddare                     8/8/2016
F-Secure                Gen:Variant.Adware.Symmi              11.2016-08-08_2
G Data                  Gen:Variant.Adware.Symmi.10902        16.8.25
IKARUS anti.virus       not-a-virus:AdWare.Win32.WinAgir      t3scan.2.1.6.0
K7 AntiVirus            Adware                                13.230.19973
Malwarebytes            Adware.Kraddare                       v2016.08.08.02
MicroWorld eScan        Gen:Variant.Adware.Symmi.10902        17.0.0.663
NANO AntiVirus          Trojan.Win32.Kraddare.cohirs          1.0.38.8881
Sophos                  Kraddare (PUA)                        4.98
VIPRE Antivirus         Trojan.Win32.Generic                  50242
Zillya! Antivirus       Adware.Kraddare.Win32.2419            2.0.0.2922

File size:
84.9 KB (86,928 bytes)

Product version:
1, 0, 0, 9

Copyright:
Copyright (C) 2009

Trademarks:
ModinHeps

Original file name:
windihepssvc.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\windihepssvc.exe
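
Added triage helper, not code from the page or from the publisher: it fingerprints a file found at the common path above (or any path given on the command line) and compares it with the hashes and size listed in this record. Only the hash values, size and path are taken from the page; the function names and the verdict rules are this example's own.

```python
"""Added triage helper (not from the original page or the vendor): fingerprint a
file and compare it with the indicators listed above for windihepssvc.exe."""
import hashlib
from pathlib import Path

# Indicators copied from the page above. Everything else in this block is an
# added illustration.
IOC = {
    "md5": "8ca4aa9d18e56b152e5b205f39d1c9c2",
    "sha1": "d4e31a99d2df9977ba26c18c49d954cd99131237",
    "sha256": "7e97173d83cca2a62c80030f1811c2d35cc6aec15438c8a3e8a3ae6d45f52f45",
    "size": 86928,
}


def fingerprint_bytes(data: bytes) -> dict:
    """md5/sha1/sha256 hex digests and size of an in-memory buffer."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def fingerprint_file(path, chunk_size=1 << 20) -> dict:
    """Same result as fingerprint_bytes, but streams the file so that large
    binaries are never held in memory in one piece."""
    hashes = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for h in hashes.values():
                h.update(chunk)
    out = {name: h.hexdigest() for name, h in hashes.items()}
    out["size"] = size
    return out


def compare(fp: dict, ioc: dict = IOC) -> dict:
    """Field-by-field comparison against the indicator set."""
    return {k: fp.get(k) == v for k, v in ioc.items()}


def verdict(fp: dict, ioc: dict = IOC) -> str:
    """SHA-256 identifies the sample. A size-only match is not evidence
    (86,928 bytes is not a rare size), and a miss on every field only means
    'a different file', which may still be a newer build using the same
    name and path."""
    r = compare(fp, ioc)
    if r["sha256"]:
        return "known sample"
    if r["md5"] or r["sha1"]:
        # Only possible if SHA-256 disagrees: a data error, not a match.
        return "inconsistent hashes, re-check"
    return "not this sample"


if __name__ == "__main__":
    import sys
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(
        r"C:\Windows\System32\windihepssvc.exe")
    if target.is_file():
        fp = fingerprint_file(target)
        print(fp)
        print(compare(fp), "->", verdict(fp))
    else:
        print(f"{target}: not present")
```

Run it against the suspect file before trusting the scanner table above: the detections apply to this exact SHA-256, and a file at the same path with a different hash is a different build that needs its own scan.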

Digital Signature
Signed by:
USENET
Authority:
VeriSign, Inc.

Valid from:
4/1/2011 9:00:00 AM

Valid to:
4/1/2012 8:59:59 AM

Subject:
CN=USENET, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=USENET, L=Kumingan Barat No.8, S=Jakarta, C=ID

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
135E046F1C85E3B019A1844C115E3464

File PE Metadata
Compilation timestamp:
12/7/2011 6:59:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:bW0Un8vBR6cPlePiPn1RpVSpE1H8SwIYPWVkSzEqhCEjKPlquPJskmLtlMMH1Gh5:bTxeuqpEcSLVkSLjlaJHmLtlSh5

Entry address:
0x5DEE

Entry point:
55, 8B, EC, 6A, FF, 68, 40, D2, 40, 00, 68, 68, 9D, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 6C, D1, 40, 00, 33, D2, 8A, D4, 89, 15, D4, 35, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, D0, 35, 41, 00, C1, E1, 08, 03, CA, 89, 0D, CC, 35, 41, 00, C1, E8, 10, A3, C8, 35, 41, 00, 33, F6, 56, E8, A2, 10, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 51, 3D, 00, 00, FF, 15, 68, D1, 40, 00, A3, 28, 4C, 41, 00, E8...
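
Added example, not code from the page or from the publisher: it parses the entry-point bytes quoted above and scans them the way a packer/compiler identifier does, with a wildcarded hex pattern for the Visual C++ 6 CRT startup prologue (consistent with the "Microsoft Visual C++ v6.0" attribution above) and a second scan for `FF 15 imm32` indirect calls, whose operands are IAT slot addresses. The byte string and the entry RVA 0x5DEE come from the page; the image base 0x400000 is an assumption inferred from the 0x0040xxxx operands in the dump, not stated on the page, and the pattern and helper names are this example's own.

```python
"""Added example (not from the page or the vendor): scan the entry-point bytes
quoted above for the MSVC 6 CRT startup prologue and pull out the indirect-call
slots it uses. Pure byte-pattern matching, no disassembler."""
import re

# Entry-point bytes exactly as quoted on the page; the trailing "..." is the
# page's own truncation of the dump.
ENTRY_BYTES_TEXT = (
    "55, 8B, EC, 6A, FF, 68, 40, D2, 40, 00, 68, 68, 9D, 40, 00, 64, A1, 00, 00, "
    "00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, "
    "FF, 15, 6C, D1, 40, 00, 33, D2, 8A, D4, 89, 15, D4, 35, 41, 00, 8B, C8, 81, "
    "E1, FF, 00, 00, 00, 89, 0D, D0, 35, 41, 00, C1, E1, 08, 03, CA, 89, 0D, CC, "
    "35, 41, 00, C1, E8, 10, A3, C8, 35, 41, 00, 33, F6, 56, E8, A2, 10, 00, 00, "
    "59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 51, 3D, "
    "00, 00, FF, 15, 68, D1, 40, 00, A3, 28, 4C, 41, 00, E8..."
)
ENTRY_RVA = 0x5DEE  # "Entry address" on the page

# Assumption: image base 0x400000, inferred from the 0x0040xxxx absolute
# operands in the dump; the page does not state the base explicitly.
IMAGE_BASE = 0x400000


def parse_dump(text: str) -> bytes:
    """Turn 'AA, BB, ...' into bytes; the trailing '...' marker is dropped."""
    toks = [t.strip().rstrip(".") for t in text.split(",")]
    return bytes(int(t, 16) for t in toks if re.fullmatch(r"[0-9A-Fa-f]{2}", t))


def compile_pattern(pat: str) -> re.Pattern:
    """YARA-style hex pattern ('??' = any one byte) -> regex over bytes."""
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
             for tok in pat.split()]
    return re.compile(b"".join(parts), re.DOTALL)


# MSVC 6 CRT entry (mainCRTStartup / WinMainCRTStartup):
#   push ebp; mov ebp,esp; push -1; push <handler data>; push <SEH handler>;
#   mov eax,fs:[0]; push eax; mov fs:[0],esp
# The two pushed pointers differ per binary, hence the wildcards.
MSVC6_CRT_PROLOGUE = ("55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? "
                      "64 A1 00 00 00 00 50 64 89 25 00 00 00 00")


def find_pattern(code: bytes, pat: str) -> list:
    """Offsets at which the pattern matches."""
    return [m.start() for m in compile_pattern(pat).finditer(code)]


def indirect_call_slots(code: bytes) -> list:
    """Absolute addresses referenced by 'FF 15 imm32' (call dword ptr [imm32]).
    These are IAT slots: look them up in the import table to name the APIs.
    In the stock MSVC 6 startup the first is GetVersion and the next is
    GetCommandLineA, which is an expectation to confirm, not a page fact.
    A raw byte scan can false-positive inside other instructions' operands."""
    return [int.from_bytes(m.group(1), "little")
            for m in re.finditer(rb"\xff\x15(.{4})", code, re.DOTALL)]


def entry_va(rva: int = ENTRY_RVA, base: int = IMAGE_BASE) -> int:
    """Virtual address of the entry point under the assumed image base."""
    return base + rva


def summarize(text: str = ENTRY_BYTES_TEXT) -> dict:
    code = parse_dump(text)
    return {
        "bytes": len(code),
        "msvc6_prologue_at": find_pattern(code, MSVC6_CRT_PROLOGUE),
        "seh_frame_setup": (b"\x64\xa1\x00\x00\x00\x00" in code
                            and b"\x64\x89\x25\x00\x00\x00\x00" in code),
        "call_slots": [hex(a) for a in indirect_call_slots(code)],
        "entry_va": hex(entry_va()),
    }


if __name__ == "__main__":
    print(summarize())
```

A prologue match at offset 0 says only that the entry point is the unmodified compiler runtime, i.e. no packer stub sits in front of it, which agrees with the moderate entropy listed below; the interesting code is reached from the CRT's call to the program's own entry, not from these bytes.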

Entropy:
5.4164

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
48 KB (49,152 bytes)

Service
Display name:
Windows MineService Diagnostics Service

Description:
Enables the diagnostic of MineService.

Type:
Win32OwnProcess


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 192.193.28.185.gransy.com  (185.28.193.192:80)
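
Added detection example, not code from the page or from the publisher: it matches the indicator above against proxy log lines and checks the relation visible on the page itself, that the hostname's leading labels are the destination IP's octets in reverse order. The IP, port and hostname come from the page; the log lines are constructed for the example, and the log format, function names and match rules are assumptions of this example.

```python
"""Added example (not from the page or the vendor): match the network indicator
above against proxy/firewall log lines and check that a gransy.com hostname is
the reversed form of the IP it is paired with."""
import ipaddress
import re

# Indicator copied from the page above.
IOC_IP = "185.28.193.192"
IOC_PORT = 80
IOC_HOST = "192.193.28.185.gransy.com"


def reversed_ip_label(ip: str) -> str:
    """The page pairs 185.28.193.192 with 192.193.28.185.gransy.com, i.e. the
    hostname's leading labels are the IPv4 octets in reverse order (the same
    order in-addr.arpa PTR names use)."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError for non-IPv4 input
    return ".".join(reversed(str(addr).split(".")))


def hostname_matches_ip(host: str, ip: str, suffix: str = "gransy.com") -> bool:
    """True if host is exactly '<reversed ip>.<suffix>' (case-insensitive)."""
    return host.lower() == f"{reversed_ip_label(ip)}.{suffix}".lower()


# Constructed sample log lines (illustrative, not real captures) in an assumed
# "ts src dst-ip dst-port host method path" shape.
SAMPLE_LOG = """\
1732409318.101 10.0.0.21 185.28.193.192 80 192.193.28.185.gransy.com GET /
1732409318.412 10.0.0.21 93.184.216.34 443 example.com CONNECT -
1732409319.003 10.0.0.37 185.28.193.192 80 192.193.28.185.gransy.com POST /ping
1732409320.555 10.0.0.37 185.28.193.192 443 somethingelse.test CONNECT -
1732409321.000 10.0.0.44 185.28.193.192 80 185.28.193.192 GET /
"""
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<port>\d+)"
                     r"\s+(?P<host>\S+)\s+(?P<method>\S+)\s+(?P<path>\S+)$")


def classify_line(line: str) -> list:
    """Reasons a line matches the indicator; an empty list means no match.
    The IP is matched on any port (the port on the page is what was observed,
    not a property of the host) but the reason records when it differs."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    dst, port, host = m["dst"], int(m["port"]), m["host"].lower()
    reasons = []
    if dst == IOC_IP:
        reasons.append(f"dst {IOC_IP}:{port}"
                       + ("" if port == IOC_PORT else " (port differs from IOC)"))
    if host == IOC_HOST:
        reasons.append(f"host {IOC_HOST}")
    return reasons


def scan(log: str) -> list:
    """(1-based line number, reasons) for every matching line."""
    hits = []
    for n, line in enumerate(log.splitlines(), 1):
        reasons = classify_line(line)
        if reasons:
            hits.append((n, reasons))
    return hits


if __name__ == "__main__":
    print("hostname consistent with IP:", hostname_matches_ip(IOC_HOST, IOC_IP))
    for n, reasons in scan(SAMPLE_LOG):
        print(f"line {n}: " + "; ".join(reasons))
```

Match on the exact IP and hostname rather than on the gransy.com suffix: the reversed-IP label is a naming convention, so a suffix-only rule would fire on any other host named the same way.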

Remove windihepssvc.exe - Powered by Reason Core Security