masterservice.exe

{D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

The executable masterservice.exe has been detected as malware by 32 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Windows Master Service’.
Publisher:

MD5:
1daf60836cb4530f0cceb211021bf2d2

SHA-1:
3b90a27e3ed90ecb73f0adac3b6be4a3dd65f241

SHA-256:
f2770fcda8608da4a739be46d67aeac6787bbf68176554ce1c6f9282f3a4af9c

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
4/26/2024 6:34:37 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Heur.Jatif.Gen.1 | 93
Agnitum Outpost | FraudTool.Windef | 7.1.1
AhnLab V3 Security | Trojan/Win32.CoinMiner | 2015.12.23
Avira AntiVirus | TR/Injector.dph.2 | 8.3.2.4
Arcabit | Trojan.Jatif.Gen.1 | 1.0.0.637
avast! | Win32:Malware-gen | 2014.9-161103
AVG | CoinMiner | 2017.0.2571
Baidu Antivirus | Trojan.MSIL.Injector | 4.0.3.16113
Bitdefender | Gen:Heur.Jatif.Gen.1 | 1.0.20.1540
Comodo Security | UnclassifiedMalware | 23826
Dr.Web | Tool.PassView.784 | 9.0.1.0308
Emsisoft Anti-Malware | Gen:Heur.Jatif.Gen | 8.16.11.03.09
ESET NOD32 | MSIL/Injector.DPH (variant) | 10.12763
Fortinet FortiGate | W32/Windef.DPH!tr | 11/3/2016
F-Secure | Gen:Heur.Jatif.Gen.1 | 11.2016-03-11_5
G Data | Gen:Heur.Jatif.Gen | 16.11.25
IKARUS anti.virus | Trojan.CoinMiner | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.212.18189
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-652
McAfee | Artemis!1DAF60836CB4 | 5600.6227
Microsoft Security Essentials | Worm:Win32/Ainslot.A | 1.1.12400.0
MicroWorld eScan | Gen:Heur.Jatif.Gen.1 | 17.0.0.924
NANO AntiVirus | Trojan.Win32.Blackshades.dcczpf | 1.0.14.5317
Panda Antivirus | Trj/CI.A | 16.11.03.09
Qihoo 360 Security | HEUR/Malware.QVM03.Gen | 1.0.0.1077
Quick Heal | TrojanFakeAV.Windef.r3 | 11.16.14.00
Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.161101
Sophos | Mal/Cleaman-B | 4.98
Trend Micro House Call | TROJ_SPNR.35FJ14 | 7.2.308
Trend Micro | TROJ_SPNR.35FJ14 | 10.465.03
Vba32 AntiVirus | TrojanFakeAV.Windef | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 45948

File size:
337.1 KB (345,152 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\3cnx4i42.dre\masterservice.exe

Digital Signature
Authority:
{D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Valid from:
4/29/2014 2:09:56 PM

Valid to:
4/29/2015 8:09:56 PM

Subject:
CN={D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Issuer:
CN={D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Serial number:
1E6CC65BB239DD99402691D1631F5B0C

File PE Metadata
Compilation timestamp:
5/9/2014 7:10:20 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:NRUBHaHHP85hkZdYQESwOtNqNfRIoQNaVAwdAiHtjFax+Oq8hsX0YTg1/lnr0b:NG6nakaoqYoQN6AwdzNjFaxsEYMwb

Entry address:
0x508EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.2124

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
314.5 KB (322,048 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Windows Master Service

Command:
C:\users\{user}\appdata\local\3cnx4i42.dre\masterservice.exe
