windilandsvc.exe

ModinLand Service

USENET

The application windilandsvc.exe, “ModinLand Diagnostics Service” by USENET, has been detected as a potentially unwanted program by 13 anti-malware scanners. It runs as a Windows service in its own process, named “Windows MineService Diagnostics Service”. While running, it connects to the host 192.193.28.185.gransy.com on port 80 using the HTTP protocol.
Publisher:
PT.USENET  (signed by USENET)

Product:
ModinLand Service

Description:
ModinLand Diagnostics Service

Version:
1, 0, 0, 9

MD5:
3c14d2aa2eb6493efc2068bb1bdb041e

SHA-1:
25381f2d90acfb78d51b196484e2b9ab0a127d01

SHA-256:
f195af87019527ead19be5ee15632a7531e3f9a029bb6e0bd4fad1fb04fc81b6

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 12:20:27 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.ModernPlus | 16.04.05
avast! | Win32:Adware-ADQ [PUP] | 2014.9-160405
AVG | Generic5 | 2017.0.2783
Bitdefender | Gen:Variant.Adware.Symmi.10902 | 1.0.20.480
Comodo Security | UnclassifiedMalware | 18020
Emsisoft Anti-Malware | Gen:Variant.Adware.Symmi.10902 | 8.16.04.05.11
ESET NOD32 | Win32/Adware.Kraddare.FQ (variant) | 10.9614
F-Secure | Gen:Variant.Adware.Symmi.10902 | 11.2016-05-04_3
G Data | Gen:Variant.Adware.Symmi.10902 | 16.4.24
Malwarebytes | Adware.Korad.Gen | v2016.04.05.11
MicroWorld eScan | Gen:Variant.Adware.Symmi.10902 | 17.0.0.288
NANO AntiVirus | Trojan.Win32.Kraddare.cohirs | 0.28.0.58720
Sophos | Kraddare | 4.98

File size:
84.9 KB (86,928 bytes)

Product version:
1, 0, 0, 9

Copyright:
Copyright (C) 2009

Trademarks:
ModinLand

Original file name:
windilandsvc.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\syswow64\windilandsvc.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/1/2011 9:00:00 AM

Valid to:
4/1/2012 8:59:59 AM

Subject:
CN=USENET, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=USENET, L=Kumingan Barat No.8, S=Jakarta, C=ID

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
135E046F1C85E3B019A1844C115E3464

File PE Metadata
Compilation timestamp:
12/7/2011 7:12:08 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:uW0Un8vBR6cPlePiPn1RpVSpE1H8SwIYPWVkSzEqhCEjKPlquPJskmLtlMNH1GuB:uTxeuqpEcSLVkSLjlaJHmLtlTux

Entry address:
0x5DEE

Entry point:
55, 8B, EC, 6A, FF, 68, 40, D2, 40, 00, 68, 68, 9D, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 6C, D1, 40, 00, 33, D2, 8A, D4, 89, 15, D4, 35, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, D0, 35, 41, 00, C1, E1, 08, 03, CA, 89, 0D, CC, 35, 41, 00, C1, E8, 10, A3, C8, 35, 41, 00, 33, F6, 56, E8, A2, 10, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 51, 3D, 00, 00, FF, 15, 68, D1, 40, 00, A3, 28, 4C, 41, 00, E8...
 

Entropy:
5.4159

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
48 KB (49,152 bytes)

Service
Display name:
Windows MineService Diagnostics Service

Description:
Enables the diagnostic of MineService.

Type:
Win32OwnProcess


The running file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to 192.193.28.185.gransy.com  (185.28.193.192:80)
