ApplicationService.exe

Application Service

App Services

The executable ApplicationService.exe, “Application Layer Service”, has been detected as malware by 27 anti-virus scanners. It is set to execute automatically when any user logs into Windows (through the local user run registry setting) under the name ‘Application Service’. While running, it connects to the Internet address 209-99-40-224.fwd.datafoundry.com on port 80 using the HTTP protocol.
Publisher:
App Services

Product:
Application Service

Description:
Application Layer Service

Version:
2.2.2.2

MD5:
87d533ae31c03214ec9c02885318e940

SHA-1:
88118782ec562ac3fb2d56c390b914eae7e87c1f

SHA-256:
fa9082cbe0fe6ad72306f8c8428aa2ae002d2af96696521423091e88c706e7b1

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
4/19/2024 7:54:05 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.325277 | 465 |
| Agnitum Outpost | Worm.Agent | 7.1.1 |
| Avira AntiVirus | TR/Agent.cada.23991 | 7.11.212.242 |
| avast! | Win32:Malware-gen | 2014.9-151027 |
| AVG | MSIL2 | 2016.0.2943 |
| Baidu Antivirus | Trojan.MSIL.Agent | 4.0.3.151027 |
| Bitdefender | Gen:Variant.Kazy.325277 | 1.0.20.1500 |
| Comodo Security | UnclassifiedMalware | 21241 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.325277 | 8.15.10.27.04 |
| ESET NOD32 | MSIL/Agent.FQ | 9.11248 |
| Fortinet FortiGate | MSIL/Agent.FQ!worm | 10/27/2015 |
| F-Secure | Gen:Variant.Kazy.325277 | 11.2015-27-10_3 |
| G Data | Gen:Variant.Kazy.325277 | 15.10.25 |
| IKARUS anti.virus | Trojan.MSIL2 | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.1915118 |
| Kaspersky | Trojan.MSIL.Agent | 14.0.0.1212 |
| McAfee | RDN/Generic.dx!dft | 5600.6599 |
| MicroWorld eScan | Gen:Variant.Kazy.325277 | 16.0.0.900 |
| NANO AntiVirus | Trojan.Win32.Agent.dasxju | 0.30.0.296 |
| Norman | Suspicious_Gen4.FPDFZ | 11.20151027 |
| Panda Antivirus | Trj/CI.A | 15.10.27.04 |
| Qihoo 360 Security | Win32/Trojan.0de | 1.0.0.1015 |
| Quick Heal | Trojan.Agent.r3 | 10.15.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0EJU14 | 7.2.300 |
| Trend Micro | TROJ_GEN.R0CBC0EJU14 | 10.465.27 |
| VIPRE Antivirus | Trojan.Win32.Generic | 37994 |

File size:
49.5 KB (50,688 bytes)

Product version:
2.2.2.2

Copyright:
Copyright © Application Layer Service 2010

Original file name:
ApplicationService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\application\applicationservice.exe

File PE Metadata
Compilation timestamp:
6/29/2012 12:59:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:Ej0TCVUC1AUvQZkwayOwHcNZvthZ+82BlHLizYcHeIm:EITCVUC1F0qwHcNZ7ZQ3vI

Entry address:
0x674E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.9059

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
18 KB (18,432 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Application Service

Command:
C:\ProgramData\application\applicationservice.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to host-milton-134.dns247.com  (72.52.82.134:80)

TCP (HTTP):
Connects to 209-99-40-224.fwd.datafoundry.com  (209.99.40.224:80)

TCP (HTTP):
Connects to mail.techbuilderhub.com  (64.71.180.17:80)
