msdcsc.exe

Remote Service Application

Microsoft Corp.

The executable msdcsc.exe has been detected as malware by 44 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘MicroUpdate’.
Publisher:
Microsoft Corp.

Product:
Remote Service Application

Version:
1, 0, 0, 1

MD5:
a8e57f34cc2de0c2d09e5dffbba58e69

SHA-1:
582666c81083a952c4217240668131673d3d314a

SHA-256:
49e7d01b140dbcc8151fe48eb6e1dd8bdc4ccb82c95dcbdfaabbd41d234f4774

Scanner detections:
44 / 68

Status:
Malware

Analysis date:
4/19/2024 8:10:44 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Backdoor.Fynloski.C
834

AegisLab AV Signature
Backdoor.W32.DarkKomet
2.1.4+

Agnitum Outpost
Trojan.Comet.Gen.LO
7.1.1

AhnLab V3 Security
Backdoor/Win32.Graybird
14.10.23

Avira AntiVirus
BDS/Backdoor.Gen
7.11.30.172

avast!
Win32:Delf-SQI [Trj]
141023-1

AVG
Trojan horse BackDoor.Generic16.CNXD
2014.0.4040

Baidu Antivirus
Backdoor.Win32.DarkKomet
4.0.3.141023

Bitdefender
Backdoor.Fynloski.C
1.0.20.1480

Bkav FE
W32.OnGamesLTKVPOK.Trojan
1.3.0.4959

Clam AntiVirus
WIN.Trojan.DarkKomet
0.98/19308

Comodo Security
Backdoor.Win32.Agent.XAB
17930

Dr.Web
BackDoor.Comet.1783
9.0.1.05190

Emsisoft Anti-Malware
Backdoor.Fynloski
14.10.23

ESET NOD32
Win32/Fynloski.AA trojan
7.0.302.0

Fortinet FortiGate
W32/DarkKomet.ID!tr.bdr
10/23/2014

F-Prot
W32/Downloader.C.gen
4.6.5.141

F-Secure
Backdoor.Fynloski.C
11.2014-23-10_5

G Data
Backdoor.Fynloski
14.10.24

IKARUS anti.virus
Trojan.Win32.CDur
t3scan.2.2.29

K7 AntiVirus
Backdoor
13.176.11451

Kaspersky
Backdoor.Win32.DarkKomet
15.0.0.494

Malwarebytes
Backdoor.Agent.DCRSAGen
v2014.10.23.09

McAfee
Generic BackDoor.xa
5600.6968

Microsoft Security Essentials
Threat.Undefined
1.173.2171.0

MicroWorld eScan
Backdoor.Fynloski.C
15.0.0.888

NANO AntiVirus
Trojan.Win32.DarkKomet.cssoim
0.28.0.58394

Norman
Downloader.HJVR
11.20141023

nProtect
Trojan/W32.Agent.673280.BU
14.03.15.01

Panda Antivirus
Trj/Packed.B
14.10.23.09

Qihoo 360 Security
Malware.QVM05.Gen
1.0.0.1015

Quick Heal
Backdoor.Fynloski.A9
10.14.12.00

Reason Heuristics
Threat.Win.Reputation.IMP
14.10.23.21

Rising Antivirus
PE:Trojan.Win32.Generic.12D83427!316159015
23.00.65.141021

Sophos
Troj/Backdr-ID
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Fynloski
10281

Total Defense
Win32/Fynloski.dBUBcfD
37.0.10818

Trend Micro House Call
TROJ_AGENT_058807.TOMB
7.2.296

Trend Micro
TROJ_AGENT_058807.TOMB
10.465.23

Vba32 AntiVirus
Backdoor.DarkKomet.aagt
3.12.24.3

VIPRE Antivirus
Backdoor.Win32.Fynloski.A
27388

ViRobot
Backdoor.Win32.Agent.674304.A
2011.4.7.4223

XVirus List
Win.Detected
2.3.31

Zillya! Antivirus
Backdoor.DarkKomet.Win32.522
2.0.0.1790

File size:
658.5 KB (674,304 bytes)

Product version:
4, 0, 0, 0

Copyright:
Copyright (C) 1999

Original file name:
MSRSAAP.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
6/7/2012 11:59:53 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hB:+Z1xuVVjfFoynPaVBUR8f+kN10EBn

Entry address:
0x8F888

Entry point:
55, 8B, EC, B9, 30, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, E0, E3, 48, 00, E8, 2F, 7E, F7, FF, 33, C0, 55, 68, 56, 06, 49, 00, 64, FF, 30, 64, 89, 20, 6A, 00, E8, 2A, 07, F8, FF, A1, B0, 48, 49, 00, C6, 00, 01, E8, 21, B7, FF, FF, B2, 01, A1, 80, DE, 48, 00, E8, 19, E6, FF, FF, A3, E8, C3, 49, 00, 33, D2, 55, 68, 09, FA, 48, 00, 64, FF, 32, 64, 89, 22, 8D, 4D, EC, BA, 70, 06, 49, 00, A1, E8, C3, 49, 00, E8, 68, E6, FF, FF, 8B, 55, EC, A1, 38, 4B, 49, 00, E8, 7F, 5C, F7, FF, 8D, 55, E0...
 

Entropy:
6.6178

Developed / compiled with:
Microsoft Visual C++

Code size:
573 KB (586,752 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MicroUpdate

Command:
C:\users\{user}\documents\msdcsc\msdcsc.exe

