winzillsvc.exe

ModenZill Service

USENET

The application winzillsvc.exe, “ModenZill Diagnostics Service” by USENET, has been detected as a potentially unwanted program by 10 of 68 anti-malware scanners. It runs as a Windows service named “Windows MineService Diagnostics Service” in its own process (service type Win32OwnProcess). While running, it connects over HTTP to 192.193.28.185.gransy.com (185.28.193.192) on TCP port 80.
Publisher:
PT.USENET  (signed by USENET)

Product:
ModenZill Service

Description:
ModenZill Diagnostics Service

Version:
1, 0, 0, 9

MD5:
449be2b403ee9aa20a7a27e58b1c2adc

SHA-1:
17ed2912d9eca9fe45b7f5e3616df9f32b63b70f

SHA-256:
5556a645e67106bac4c071c53523557c24a81e10d268d42e082675a0d1d91238

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 8:36:56 PM UTC

Scan engine           Detection                              Engine version
AhnLab V3 Security    PUP/Win32.ModernPlus                   2013.03.20
avast!                Win32:Adware-ADQ [PUP]                 2014.9-151212
AVG                   Generic5                               2016.0.2897
Bitdefender           Gen:Variant.Symmi.11871                1.0.20.1730
Comodo Security       UnclassifiedMalware                    15629
ESET NOD32            Win32/Adware.Kraddare.FQ (variant)     9.8136
F-Secure              Gen:Variant.Symmi.11871                11.2015-12-12_7
G Data                Gen:Variant.Symmi.11871                15.12.22
Malwarebytes          Adware.Korad.Gen                       v2015.12.12.10
MicroWorld eScan      Gen:Variant.Symmi.11871                16.0.0.1038

File size:
84.9 KB (86,928 bytes)

Product version:
1, 0, 0, 9

Copyright:
Copyright (C) 2009

Trademarks:
ModenZill

Original file name:
winzillsvc.exe

File type:
Executable application (Win32 EXE)

Language:
Korean (Korea)

Common path:
C:\windows\syswow64\winzillsvc.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/31/2011 5:00:00 PM

Valid to:
3/31/2012 4:59:59 PM

Subject:
CN=USENET, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=USENET, L=Kumingan Barat No.8, S=Jakarta, C=ID

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
135E046F1C85E3B019A1844C115E3464

File PE Metadata
Compilation timestamp:
12/7/2011 2:01:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:uW0Un8vBR6cPlePiPn1RpVSpE1H8SwIYPWVkSzEqhCEjKPlquPJskmLtlM1H1GQ4:uTxeuqpEcSLVkSLjlaJHmLtl7Qm

Entry address:
0x5DEE

Entry point:
55, 8B, EC, 6A, FF, 68, 40, D2, 40, 00, 68, 68, 9D, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 6C, D1, 40, 00, 33, D2, 8A, D4, 89, 15, D4, 35, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, D0, 35, 41, 00, C1, E1, 08, 03, CA, 89, 0D, CC, 35, 41, 00, C1, E8, 10, A3, C8, 35, 41, 00, 33, F6, 56, E8, A2, 10, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 51, 3D, 00, 00, FF, 15, 68, D1, 40, 00, A3, 28, 4C, 41, 00, E8...

Entropy:
5.4159

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
48 KB (49,152 bytes)
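Added example (not part of the original report and not code from the publisher): an offline triage script that checks a candidate file against the identifiers listed in the file, digital-signature and PE-metadata sections above. The hashes, size, entry address, linker and OS versions, subsystem, code size, compile timestamp and certificate validity window are copied from the page; the page gives no time zone, so the compile and certificate timestamps are read as UTC (an assumption). The PE header fed to it in the usage line is constructed for the demonstration and is not the real winzillsvc.exe, so the hash and size checks are expected to fail while the header checks pass.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

# Values copied from this page's report.
PAGE_HASHES = {
    "md5": "449be2b403ee9aa20a7a27e58b1c2adc",
    "sha1": "17ed2912d9eca9fe45b7f5e3616df9f32b63b70f",
    "sha256": "5556a645e67106bac4c071c53523557c24a81e10d268d42e082675a0d1d91238",
}
PAGE_SIZE = 86928            # bytes
PAGE_ENTRY_RVA = 0x5DEE
PAGE_LINKER = (6, 0)
PAGE_OS_VERSION = (4, 0)
PAGE_SUBSYSTEM = 2           # IMAGE_SUBSYSTEM_WINDOWS_GUI
PAGE_CODE_SIZE = 49152
# Assumption: the page's timestamps are taken as UTC; it names no zone.
PAGE_COMPILED = datetime(2011, 12, 7, 2, 1, 5, tzinfo=timezone.utc)
CERT_NOT_BEFORE = datetime(2011, 3, 31, 17, 0, 0, tzinfo=timezone.utc)
CERT_NOT_AFTER = datetime(2012, 3, 31, 16, 59, 59, tzinfo=timezone.utc)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte over the whole buffer, the measure the page calls Entropy."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe32(data: bytes) -> dict:
    """Read the COFF and optional-header fields the page lists from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe + 4
    _machine, _nsect, stamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) optional headers are handled here")
    maj_link, min_link, size_of_code = struct.unpack_from("<BBI", data, opt + 2)
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "compiled": datetime.fromtimestamp(stamp, tz=timezone.utc),
        "entry_rva": entry,
        "linker": (maj_link, min_link),
        "os_version": (os_major, os_minor),
        "subsystem": subsystem,
        "code_size": size_of_code,
    }


def triage(data: bytes) -> dict:
    """Compare a candidate file's identity and PE metadata with the page's values."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    hdr = parse_pe32(data)
    return {
        "exact_sample": digests == PAGE_HASHES and len(data) == PAGE_SIZE,
        "size_match": len(data) == PAGE_SIZE,
        "header_match": (hdr["entry_rva"] == PAGE_ENTRY_RVA and hdr["linker"] == PAGE_LINKER
                         and hdr["os_version"] == PAGE_OS_VERSION and hdr["subsystem"] == PAGE_SUBSYSTEM
                         and hdr["code_size"] == PAGE_CODE_SIZE),
        "compiled_match": hdr["compiled"] == PAGE_COMPILED,
        # A compile time inside the certificate window is consistent with signing at
        # build time; one outside it would point at a backdated build or a reused key.
        "compiled_in_cert_window": CERT_NOT_BEFORE <= hdr["compiled"] <= CERT_NOT_AFTER,
        "entropy": round(shannon_entropy(data), 4),
    }


def build_constructed_pe() -> bytes:
    """A minimal, non-executable PE32 header carrying the page's field values.
    Constructed for the demonstration; it is not the real winzillsvc.exe."""
    buf = bytearray(0x40 + 4 + 20 + 96)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    stamp = int(PAGE_COMPILED.timestamp())
    struct.pack_into("<HHIIIHH", buf, 0x44, 0x14C, 3, stamp, 0, 0, 224, 0x102)
    opt = 0x44 + 20
    struct.pack_into("<HBBI", buf, opt, 0x10B, *PAGE_LINKER, PAGE_CODE_SIZE)
    struct.pack_into("<I", buf, opt + 16, PAGE_ENTRY_RVA)
    struct.pack_into("<HH", buf, opt + 40, *PAGE_OS_VERSION)
    struct.pack_into("<H", buf, opt + 68, PAGE_SUBSYSTEM)
    return bytes(buf)


if __name__ == "__main__":
    print(triage(build_constructed_pe()))
```

To use it on a real suspect, pass the file's bytes to triage(): an exact_sample of True means all three digests and the size match the page; header_match and compiled_match alone only say the file was built like this sample (same linker, entry address and timestamp) and are the checks to fall back on when the hashes differ, for instance for a re-signed or padded copy.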

Service
Display name:
Windows MineService Diagnostics Service

Description:
Enables the diagnostic of MineService.

Type:
Win32OwnProcess
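Added example (not part of the original report): detection logic that flags installations of the service described above. It matches on the display name and on the image file name from this page, and reports when the binary sits somewhere other than the common path listed. The input is a constructed sample of Windows System-log event 7045 ("a service was installed") records; the key-value rendering, the second and third records and the file locations in them are made up for the demonstration.

```python
PAGE_DISPLAY_NAME = "Windows MineService Diagnostics Service"
PAGE_COMMON_PATH = r"C:\windows\syswow64\winzillsvc.exe"
PAGE_FILE_NAME = "winzillsvc.exe"

# Constructed sample records (not real telemetry), rendered as the fields of
# the System-log 7045 event are commonly exported: "key: value | key: value".
SAMPLE_EVENTS = [
    "EventID: 7045 | Service Name: Windows MineService Diagnostics Service"
    " | Service File Name: C:\\Windows\\SysWOW64\\winzillsvc.exe"
    " | Service Type: user mode service | Service Start Type: auto start | Service Account: LocalSystem",
    "EventID: 7045 | Service Name: Print Spooler Helper"
    " | Service File Name: C:\\Windows\\System32\\svchost.exe -k netsvcs"
    " | Service Type: user mode service | Service Start Type: demand start | Service Account: LocalSystem",
    "EventID: 7045 | Service Name: Diagnostics Helper"
    " | Service File Name: \"C:\\Users\\Public\\Downloads\\WinZillSvc.exe\" /install"
    " | Service Type: user mode service | Service Start Type: auto start | Service Account: LocalSystem",
    "EventID: 7036 | Service Name: Windows MineService Diagnostics Service | State: running",
]


def parse_event(line: str) -> dict:
    """Split one exported record into a field dictionary."""
    rec = {}
    for field in line.split(" | "):
        key, _, value = field.partition(": ")
        rec[key.strip()] = value.strip()
    return rec


def image_path(service_file_name: str) -> str:
    """Strip arguments from the recorded command line to get the executable path.
    Quoted paths are honoured; an unquoted path containing spaces is cut at the
    first space, which is the limit of this simple parser."""
    s = service_file_name.strip()
    if s.startswith('"'):
        return s[1:s.find('"', 1)]
    return s.split(" ", 1)[0]


def match_service(rec: dict) -> list:
    """Reasons this record matches the page's service; empty when it does not."""
    reasons = []
    if rec.get("EventID") != "7045":
        return reasons
    if rec.get("Service Name", "").casefold() == PAGE_DISPLAY_NAME.casefold():
        reasons.append("display name")
    path = image_path(rec.get("Service File Name", ""))
    if path.replace("/", "\\").rsplit("\\", 1)[-1].casefold() == PAGE_FILE_NAME:
        reasons.append("image name")
        # The page gives the commonly seen path; the same binary dropped
        # elsewhere is still the same binary and worth a louder flag.
        if path.casefold() != PAGE_COMMON_PATH.casefold():
            reasons.append("unexpected location")
    return reasons


def scan_events(lines) -> list:
    """Return one hit per matching 7045 record."""
    hits = []
    for line in lines:
        rec = parse_event(line)
        reasons = match_service(rec)
        if reasons:
            hits.append({
                "service": rec.get("Service Name"),
                "path": image_path(rec.get("Service File Name", "")),
                "reasons": reasons,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(hit)
```

Matching on the image name as well as the display name matters because the display name is free text the installer chooses, while the original file name is baked into the version resource and tends to survive renamed copies.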


The executable has been observed making the following network connection in live environments.

TCP (HTTP):
Connects to 192.193.28.185.gransy.com  (185.28.193.192:80)
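Added example (not part of the original report): a matcher that flags the destination listed above in proxy-log lines, by destination IP and by hostname. The hostname and IP are the page's; everything else is constructed for the demonstration, in particular the key=value log format, the field names and the traffic in SAMPLE_LOG. It also shows that 192.193.28.185.gransy.com is simply the IP 185.28.193.192 with its octets reversed under gransy.com, a generic per-address name rather than a purpose-chosen domain, and it handles the edge cases a naive substring match gets wrong: a longer name that merely contains the indicator must not match, a trailing dot or different case must still match, and a malformed destination field must not crash the scan.

```python
import ipaddress
import re
from typing import Optional

PAGE_HOST = "192.193.28.185.gransy.com"
PAGE_IP = "185.28.193.192"
PAGE_PORT = 80


def reversed_octet_host(ip: str, zone: str) -> str:
    """Build the reversed-octet name the page lists: 185.28.193.192 ->
    192.193.28.185.gransy.com."""
    return ".".join(reversed(ip.split("."))) + "." + zone


# Constructed proxy-log lines (field names and traffic are made up).
SAMPLE_LOG = """\
ts=2024-12-27T20:36:10Z src=10.0.0.12 dst=185.28.193.192 dport=80 host=192.193.28.185.gransy.com method=GET uri=/
ts=2024-12-27T20:36:11Z src=10.0.0.12 dst=93.184.216.34 dport=443 host=example.com method=CONNECT uri=-
ts=2024-12-27T20:36:12Z src=10.0.0.7 dst=185.28.193.192 dport=8080 host=- method=GET uri=/check
ts=2024-12-27T20:36:13Z src=10.0.0.9 dst=203.0.113.5 dport=80 host=192.193.28.185.gransy.com.evil.test method=GET uri=/
ts=2024-12-27T20:36:14Z src=10.0.0.9 dst=not-an-ip dport=80 host=WWW.192.193.28.185.GRANSY.COM. method=GET uri=/
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    return dict(FIELD_RE.findall(line))


def host_matches(host: str) -> bool:
    """Exact match or a label under the listed name, after normalising case and
    a trailing dot; a longer name that only contains it must not match."""
    h = host.casefold().rstrip(".")
    return h == PAGE_HOST or h.endswith("." + PAGE_HOST)


def match_record(rec: dict) -> Optional[dict]:
    reasons = []
    try:
        if ipaddress.ip_address(rec.get("dst", "")) == ipaddress.ip_address(PAGE_IP):
            reasons.append("dst ip")
    except ValueError:
        pass  # malformed or missing dst: fall through to the hostname check
    if host_matches(rec.get("host", "")):
        reasons.append("host")
    if not reasons:
        return None
    return {
        "ts": rec.get("ts"),
        "src": rec.get("src"),
        "reasons": reasons,
        # The page saw port 80; a hit on another port is still the same host.
        "port_as_reported": rec.get("dport") == str(PAGE_PORT),
    }


def scan_log(text: str) -> list:
    hits = [match_record(parse_line(line)) for line in text.splitlines() if line.strip()]
    return [h for h in hits if h]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Because the name encodes the address, blocking the hostname alone is weak: matching on the IP catches direct connections that carry no Host header (the third sample line), and the port is reported rather than required so a change of listener does not hide the contact.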

Remove winzillsvc.exe - Powered by Reason Core Security