home

msdcsc.exe

Remote Service Application

Microsoft Corp.

The application msdcsc.exe has been detected as a potentially unwanted program by 39 anti-malware scanners.
Publisher:
Microsoft Corp.

Product:
Remote Service Application

Version:
1, 0, 0, 1

MD5:
9cf579119917af28b4c8a5e081eaf186

SHA-1:
3f218da46c64a579a2279be927ce9e4e0d7cc2b5

SHA-256:
bd76916f34ba04e9af75dbee9bbcd05a082601b56dc16c584e3048a414a3be19

Scanner detections:
39 / 68

Status:
Potentially unwanted

Explanation:
The software cotains keystroke monitoring/logging capablities which may or may not be installed without the user's knowledge.

Analysis date:
4/25/2024 10:28:38 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Keylogger.MWQ
1017

Agnitum Outpost
Trojan.Fynloski.Gen.2
7.1.1

AhnLab V3 Security
Backdoor/Win32.Graybird
14.04.24

Avira AntiVirus
BDS/Fynloski.675840
7.11.145.40

avast!
Win32:Delf-SQI [Trj]
2014.9-140424

AVG
BackDoor.Generic15
2015.0.3495

Bitdefender
Trojan.Keylogger.MWQ
1.0.20.570

Bkav FE
W32.OnGamesLTVRRLNR.Trojan
1.3.0.4959

Clam AntiVirus
WIN.Trojan.DarkKomet
0.98/18355

Comodo Security
Backdoor.Win32.Agent.XAB
18160

Dr.Web
BackDoor.Comet.963
9.0.1.0114

Emsisoft Anti-Malware
Trojan.Keylogger.MWQ
8.14.04.24.11

ESET NOD32
Win32/Fynloski.AA
8.9717

Fortinet FortiGate
W32/DarkKomet.ID!tr.bdr
4/24/2014

F-Prot
W32/Downloader.C.gen
v6.4.7.1.166

F-Secure
Trojan.Keylogger.MWQ
11.2014-24-04_5

G Data
Trojan.Keylogger.MWQ
14.4.24

IKARUS anti.virus
Trojan.Win32.CDur
t3scan.1.6.1.0

K7 AntiVirus
Backdoor
13.176.11873

Kaspersky
Backdoor.Win32.DarkKomet
14.0.0.3968

Malwarebytes
Backdoor.Agent.DCRSAGen
v2014.04.24.11

McAfee
Generic BackDoor.xa
5600.7151

Microsoft Security Essentials
VirTool:Win32/DelfInject.gen!BI
1.10502

MicroWorld eScan
Trojan.Keylogger.MWQ
15.0.0.342

NANO AntiVirus
Trojan.Win32.Tordev.rjriz
0.28.0.59492

Norman
Fynloski.V
11.20140424

nProtect
Backdoor/W32.Agent.676352.I
14.04.24.02

Panda Antivirus
Generic Trojan
14.04.24.11

Qihoo 360 Security
Malware.QVM05.Gen
1.0.0.1015

Quick Heal
Backdoor.Fynloski.A9
4.14.12.00

Rising Antivirus
PE:Backdoor.Pontoeb!1.6637
23.00.65.14422

Sophos
Mal/Behav-058
4.98

SUPERAntiSpyware
Adware.Kraddare
10646

Total Defense
Win32/Fynloski.EF
37.0.10896

Trend Micro House Call
TROJ_AGENT_019920.TOMB
7.2.114

Trend Micro
TROJ_AGENT_019920.TOMB
10.465.24

Vba32 AntiVirus
Malware-Cryptor.Inject.gen
3.12.26.0

VIPRE Antivirus
Backdoor.Win32.Fynloski.A
28570

ViRobot
Backdoor.Win32.A.Delf.318976.A
2011.4.7.4223

File size:
660.5 KB (676,352 bytes)

Product version:
4, 0, 0, 0

Copyright:
Copyright (C) 1999

Original file name:
MSRSAAP.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\msdcsc.exe

File PE Metadata
Compilation timestamp:
4/15/2012 8:06:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:MXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452UQ:anAw2WWeFcfbP9VPSPMTSPL/rWvzq4JA

Entry address:
0x90888

Entry point:
55, 8B, EC, B9, 31, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, 30, EC, 48, 00, E8, 2F, 6E, F7, FF, 33, C0, 55, 68, 6E, 16, 49, 00, 64, FF, 30, 64, 89, 20, 6A, 00, E8, 32, F7, F7, FF, A1, B4, 58, 49, 00, C6, 00, 01, E8, 71, AF, FF, FF, B2, 01, A1, D0, E6, 48, 00, E8, 69, DE, FF, FF, A3, F0, F3, 49, 00, 33, D2, 55, 68, 09, 0A, 49, 00, 64, FF, 32, 64, 89, 22, 8D, 4D, EC, BA, 88, 16, 49, 00, A1, F0, F3, 49, 00, E8, B8, DE, FF, FF, 8B, 55, EC, A1, 3C, 5B, 49, 00, E8, 7F, 4C, F7, FF, 8D, 55, E0...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
575 KB (588,800 bytes)

Remove msdcsc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.