windimixsvc.exe

ModinMix Service

USENET

The application windimixsvc.exe, “ModinMix Diagnostics Service” by USENET, has been detected as a potentially unwanted program by 15 of 68 anti-malware scanners, mostly under generic adware names (ESET and Sophos classify it as Kraddare). It runs as a Windows service in its own process (Win32OwnProcess) under the display name “Windows MineService Diagnostics Service”, which does not match the product name in the file's own version resource. While running, it connects over HTTP to 192.193.28.185.gransy.com on port 80 (185.28.193.192). Note that this hostname is the hosting provider's generic reverse-octet PTR name for that address rather than a dedicated domain, so the IP, the file hashes and the service name are the more reliable indicators.
Publisher:
PT.USENET  (signed by USENET)

Product:
ModinMix Service

Description:
ModinMix Diagnostics Service

Version:
1, 0, 0, 9

MD5:
830c585fe0fce7f86d7d63b6c4505fc1

SHA-1:
05b215cf7aadd656e956904f588dbf2eac7429aa

SHA-256:
aa21e8f18fcc3833560048b6428cda4c9b4dbc241ec39f38921af46e5fdd8c13

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 12:43:43 AM UTC

Scan engine          Detection                                  Engine version
Agnitum Outpost      Adware.Generic                             7.1.1
Avira AntiVirus      Adware/Agent.86920.2                       7.11.97.202
avast!               Win32:Adware-ADQ [PUP]                     2014.9-160922
AVG                  Generic5                                   2017.0.2612
Bitdefender          Application.Generic.490141                 1.0.20.1330
Comodo Security      UnclassifiedMalware                        16805
ESET NOD32           Win32/Adware.Kraddare.FQ (variant)         10.8718
F-Secure             Application.Generic.490141                 11.2016-22-09_5
G Data               Application.Generic.490141                 16.9.22
IKARUS anti.virus    Win32.SuspectCrc                           t3scan.2.0.127
Kaspersky            not-a-virus:HEUR:AdWare.Win32.WinAgir      14.0.0.-444
MicroWorld eScan     Application.Generic.490141                 17.0.0.798
Panda Antivirus      Suspicious file                            16.09.22.09
Sophos               Kraddare                                   4.91
VIPRE Antivirus      Trojan.Win32.Generic                       20782

File size:
84.9 KB (86,920 bytes)

Product version:
1, 0, 0, 9

Copyright:
Copyright (C) 2009

Trademarks:
ModinMix

Original file name:
windimixsvc.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\windimixsvc.exe

Digital Signature
Signed by:
USENET
Authority:
VeriSign, Inc.

Valid from:
4/1/2011 9:00:00 AM

Valid to:
4/1/2012 8:59:59 AM

Subject:
CN=USENET, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=USENET, L=Kumingan Barat No.8, S=Jakarta, C=ID

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
135E046F1C85E3B019A1844C115E3464

File PE Metadata
Compilation timestamp:
12/7/2011 7:09:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:mW0Un8vBR6cPlePiPn1RpVSpE1H8SwIYPWVkSzEqhCEjKPlquPJskmLtlM9H1GFI:mTxeuqpEcSLVkSLjlaJHmLtlbF8N

Entry address:
0x5DEE

Entry point:
55, 8B, EC, 6A, FF, 68, 40, D2, 40, 00, 68, 68, 9D, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 6C, D1, 40, 00, 33, D2, 8A, D4, 89, 15, D4, 35, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, D0, 35, 41, 00, C1, E1, 08, 03, CA, 89, 0D, CC, 35, 41, 00, C1, E8, 10, A3, C8, 35, 41, 00, 33, F6, 56, E8, A2, 10, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 51, 3D, 00, 00, FF, 15, 68, D1, 40, 00, A3, 28, 4C, 41, 00, E8...

Entropy:
5.4159

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
48 KB (49,152 bytes)
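The PE metadata above (compilation timestamp, OS version, subsystem, linker version, entry address, the first entry-point bytes and code size) is read straight from the COFF header, the PE32 optional header and the section table. The following parser is an added example and is not part of this report or of the analysed file; it builds a constructed minimal PE32 image carrying the report's values (the timestamp is assumed to be UTC, and the image layout, image base and section name are invented for the example) and then recovers those fields from it. It also checks whether the entry point starts with the `push ebp; mov ebp,esp; push -1; push imm32` prologue that the Visual C++ 6.0 CRT startup stub emits, which is what the "Developed / compiled with" line is keyed on.

```python
import calendar
import struct
from datetime import datetime, timezone

IMAGE_SUBSYSTEM = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# push ebp; mov ebp,esp; push -1; push imm32 -- the MSVC 6 CRT entry stub prologue.
MSVC6_CRT_PROLOGUE = bytes.fromhex("558BEC6AFF68")


def rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset using the section table."""
    for _name, vaddr, vsize, rawptr, rawsize in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rawptr + (rva - vaddr)
    raise ValueError(f"RVA {rva:#x} is not inside any section")


def parse_pe(data):
    """Return the header fields listed in the report for a PE32 image given as bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics
    _machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lmaj, lmin, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]          # AddressOfEntryPoint
    os_maj, os_min = struct.unpack_from("<HH", data, opt + 40)       # MajorOperatingSystemVersion/Minor
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]          # Subsystem
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append((name.rstrip(b"\0").decode(), vaddr, vsize, rawptr, rawsize))
    entry_off = rva_to_offset(entry_rva, sections)
    entry_bytes = bytes(data[entry_off:entry_off + 16])
    return {
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc),
        "linker": f"{lmaj}.{lmin}",
        "os_version": f"{os_maj}.{os_min}",
        "subsystem": IMAGE_SUBSYSTEM.get(subsystem, str(subsystem)),
        "size_of_code": size_of_code,
        "entry_rva": entry_rva,
        "entry_bytes": entry_bytes,
        "msvc6_crt_prologue": entry_bytes.startswith(MSVC6_CRT_PROLOGUE),
    }


def build_sample_pe():
    """Constructed minimal PE32 carrying the report's header values; NOT the real file."""
    ts = calendar.timegm((2011, 12, 7, 19, 9, 36))               # 12/7/2011 7:09:36 PM, assumed UTC
    entry_rva, code_rva, code_size, raw_ptr, opt_size = 0x5DEE, 0x1000, 49152, 0x400, 224
    entry_bytes = bytes.fromhex("558BEC6AFF6840D2400068689D400064")  # first 16 bytes from the report
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew at 0x3C -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH",
                      0x10B, 6, 0,                                # PE32, linker 6.0
                      code_size, 0, 0, entry_rva, code_rva, 0, 0x400000, 0x1000, 0x200,
                      4, 0, 0, 0, 4, 0,                           # OS 4.0, image 0.0, subsystem ver 4.0
                      0, 0x10000, raw_ptr, 0,
                      2, 0)                                       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    opt += b"\0" * (opt_size - len(opt))
    section = struct.pack("<8sIIIIIIHHI", b".text", code_size, code_rva, code_size, raw_ptr,
                          0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + section
    body = bytearray(code_size)
    body[entry_rva - code_rva:entry_rva - code_rva + len(entry_bytes)] = entry_bytes
    return headers + b"\0" * (raw_ptr - len(headers)) + bytes(body)


if __name__ == "__main__":
    for k, v in parse_pe(build_sample_pe()).items():
        print(f"{k:>20}: {v.hex() if isinstance(v, bytes) else v}")
```

On the real sample, `parse_pe(open(path, "rb").read())` gives the same fields; a timestamp that falls inside the signing certificate's validity window (as 12/7/2011 does for the 4/1/2011 to 4/1/2012 certificate above) is consistent, while one that does not would suggest a forged or re-stamped build.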

Service
Display name:
Windows MineService Diagnostics Service

Description:
Enables the diagnostic of MineService.

Type:
Win32OwnProcess

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 192.193.28.185.gransy.com  (185.28.193.192:80)
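The hashes, install path, service display name and network endpoint above are the indicators a defender would hunt for. The script below is an added example, not part of this report, that runs those indicators over a constructed, Sysmon-style JSON-lines log (process creation with a `Hashes` field, network connection, DNS query and a service-install record); the event shapes and every log line are invented for the example. It also encodes the observation that 192.193.28.185.gransy.com is simply 185.28.193.192 with its octets reversed, the pattern of a hosting provider's default PTR name, so a DNS match on such a name is reported separately from a match on the exact hostname.

```python
import json
from ipaddress import ip_address

# Indicators taken from the report above.
IOC_HASHES = {
    "md5": "830c585fe0fce7f86d7d63b6c4505fc1",
    "sha1": "05b215cf7aadd656e956904f588dbf2eac7429aa",
    "sha256": "aa21e8f18fcc3833560048b6428cda4c9b4dbc241ec39f38921af46e5fdd8c13",
}
IOC_HOST = "192.193.28.185.gransy.com"
IOC_IP = "185.28.193.192"
IOC_SERVICE = "Windows MineService Diagnostics Service"
IOC_PATH = r"c:\windows\system32\windimixsvc.exe"


def is_reverse_octet_name(hostname, ip):
    """True when the name's first four labels are the IP's octets in reverse order,
    i.e. the shape of a generic provider PTR name rather than a chosen domain."""
    labels = hostname.lower().split(".")
    if len(labels) < 5:
        return False
    try:
        ip_address(ip)
    except ValueError:
        return False
    return ".".join(reversed(labels[:4])) == ip


def parse_hashes(field):
    """Sysmon 'Hashes' field ('MD5=...,SHA256=...') -> {'md5': ..., 'sha256': ...}, lower-cased."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, digest = part.split("=", 1)
            out[algo.strip().lower()] = digest.strip().lower()
    return out


def match_event(ev):
    """Return the list of indicator types that a single event matches."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1:                                    # process creation
        for algo, digest in parse_hashes(ev.get("Hashes", "")).items():
            if IOC_HASHES.get(algo) == digest:
                hits.append(f"hash:{algo}")
    if eid == 3 and ev.get("DestinationIp") == IOC_IP and ev.get("DestinationPort") == 80:
        hits.append("netconn:ip")                   # network connection
    if eid == 22:                                   # DNS query
        q = ev.get("QueryName", "").lower()
        if q == IOC_HOST:
            hits.append("dns:host")
        elif is_reverse_octet_name(q, IOC_IP):
            hits.append("dns:reverse-octet")
    if eid == 7045 and ev.get("ServiceName", "").lower() == IOC_SERVICE.lower():
        hits.append("service:name")                 # service installed
    if ev.get("Image", ev.get("ImagePath", "")).lower() == IOC_PATH:
        hits.append("path")
    return hits


def scan(jsonl):
    """Scan a JSON-lines log; return (EventID, hits) for each event with at least one hit."""
    findings = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        hits = match_event(ev)
        if hits:
            findings.append((ev["EventID"], hits))
    return findings


# Constructed sample log for this example; not real telemetry.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"EventID": 1, "Image": r"C:\Windows\System32\windimixsvc.exe",
     "Hashes": "MD5=830C585FE0FCE7F86D7D63B6C4505FC1,"
               "SHA256=AA21E8F18FCC3833560048B6428CDA4C9B4DBC241EC39F38921AF46E5FDD8C13"},
    {"EventID": 3, "Image": r"C:\Windows\System32\windimixsvc.exe",
     "DestinationIp": "185.28.193.192", "DestinationPort": 80},
    {"EventID": 22, "Image": r"C:\Windows\System32\windimixsvc.exe",
     "QueryName": "192.193.28.185.gransy.com"},
    {"EventID": 7045, "ServiceName": "Windows MineService Diagnostics Service",
     "ImagePath": r"C:\Windows\System32\windimixsvc.exe"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "13.107.42.14", "DestinationPort": 443},   # benign, should not match
])

if __name__ == "__main__":
    for eid, hits in scan(SAMPLE_LOG):
        print(eid, ", ".join(hits))
```

A hash or service-name hit is a strong signal on its own; a `dns:reverse-octet` hit only says the host resolved a shared-hosting PTR name for the listed address and should be corroborated by the connection to 185.28.193.192:80 or by the file on disk.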

Remove windimixsvc.exe - Powered by Reason Core Security