winmbtuscasvc.exe

MobinTusca Service

USENET

The application winmbtuscasvc.exe, “MobinTusca Diagnostics Service” by USENET has been detected as a potentially unwanted program by 19 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Windows MineService Diagnostics Service”. While running, it connects to the Internet address 192.193.28.185.gransy.com on port 80 using the HTTP protocol.
Publisher:
PT.USENET  (signed by USENET)

Product:
MobinTusca Service

Description:
MobinTusca Diagnostics Service

Version:
1, 0, 0, 9

MD5:
9c4b28dbd6ad54d2f35977af2119cd09

SHA-1:
e89059cfd9c342f8f4f014d9920593956ddfd68f

SHA-256:
868d75302f164048f0c3ad6cd88190041ab0ff5bbab42644ee64518acddd3e95

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 8:34:15 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Symmi.10902
187

AhnLab V3 Security
PUP/Win32.ModernPlus
2015.12.23

Arcabit
Trojan.Adware.Symmi.D2A96
1.0.0.637

avast!
Win32:Adware-ADQ [PUP]
2014.9-160801

AVG
Generic5
2017.0.2665

Bitdefender
Gen:Variant.Adware.Symmi.10902
1.0.20.1070

Bkav FE
W32.HfsAdware
1.3.0.7400

Comodo Security
UnclassifiedMalware
23830

Dr.Web
Adware.Siggen.31410
9.0.1.0214

Emsisoft Anti-Malware
Gen:Variant.Adware.Symmi.10902
8.16.08.01.05

ESET NOD32
Win32/Adware.Kraddare.FQ (variant)
10.12765

F-Secure
Gen:Variant.Adware.Symmi
11.2016-01-08_2

G Data
Gen:Variant.Adware.Symmi.10902
16.8.25

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.9.5.0

Malwarebytes
Adware.KorAd
v2016.08.01.05

MicroWorld eScan
Gen:Variant.Adware.Symmi.10902
17.0.0.642

NANO AntiVirus
Trojan.Win32.Kraddare.cohirs
1.0.14.5317

VIPRE Antivirus
Trojan.Win32.Generic
45948

Zillya! Antivirus
Adware.Kraddare.Win32.2419
2.0.0.2573

File size:
84.9 KB (86,928 bytes)

Product version:
1, 0, 0, 9

Copyright:
Copyright (C) 2009

Trademarks:
MobinTusca

Original file name:
winmbtuscasvc.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\winmbtuscasvc.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/31/2011 8:00:00 PM

Valid to:
3/31/2012 7:59:59 PM

Subject:
CN=USENET, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=USENET, L=Kumingan Barat No.8, S=Jakarta, C=ID

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
135E046F1C85E3B019A1844C115E3464

File PE Metadata
Compilation timestamp:
12/7/2011 5:10:26 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:9W0Un8vBR6cPlePiPn1RpVSpE1H8SwIYPWVkSzEqhCEjKPlquPJskmLtlMEH1G2G:9TxeuqpEcSLVkSLjlaJHmLtl+2GDF

Entry address:
0x5DEE

Entry point:
55, 8B, EC, 6A, FF, 68, 40, D2, 40, 00, 68, 68, 9D, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 6C, D1, 40, 00, 33, D2, 8A, D4, 89, 15, D4, 35, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, D0, 35, 41, 00, C1, E1, 08, 03, CA, 89, 0D, CC, 35, 41, 00, C1, E8, 10, A3, C8, 35, 41, 00, 33, F6, 56, E8, A2, 10, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 51, 3D, 00, 00, FF, 15, 68, D1, 40, 00, A3, 28, 4C, 41, 00, E8...
 
[+]

Entropy:
5.4165

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
48 KB (49,152 bytes)

Service
Display name:
Windows MineService Diagnostics Service

Description:
Enables the diagnostic of MineService.

Type:
Win32OwnProcess


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 192.193.28.185.gransy.com  (185.28.193.192:80)

Remove winmbtuscasvc.exe - Powered by Reason Core Security