» svcspwin.exe
Overview
Analysis
File Details
Behaviors (1)
Network (1)

svcspwin.exe

WinsPop Enterprise Super V 2.0

agir

The application svcspwin.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “WinsPop Service”. While running, it connects to the Internet address 209-99-40-223.fwd.datafoundry.com on port 80 using the HTTP protocol.

File name:

svcspwin.exe

Publisher:

agir

Product:

WinsPop Enterprise Super V 2.0

Version:

1, 3, 1, 177

MD5:

d8b1fc8b2382f06023006d98de40a783

SHA-1:

fc023c8c881e408326ffb5d9333a40b92a9f7454

SHA-256:

27664e9a03b25ff6330019581249b0878280024b85486c3d0123fd13d41f9308

Scanner detections:

15 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 9:04:01 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.WinAgir

2013.11.09

avast!

Win32:Dropper-LAS [Drp]

2014.9-160625

AVG

Generic5

2017.0.2701

Bitdefender

Gen:Variant.Graftor.116422

1.0.20.885

Emsisoft Anti-Malware

Gen:Variant.Graftor.116422

8.16.06.25.07

ESET NOD32

Win32/Adware.Kraddare.FQ (variant)

10.9024

Fortinet FortiGate

Riskware/Kraddare

6/25/2016

F-Secure

Gen:Variant.Graftor.116422

11.2016-25-06_7

G Data

Gen:Variant.Graftor.116422

16.6.22

IKARUS anti.virus

not-a-virus:AdWare.Win32.WinAgir

t3scan.2.0.127

Malwarebytes

Adware.KorAd

v2016.06.25.07

McAfee

Artemis!D8B1FC8B2382

5600.6357

MicroWorld eScan

Gen:Variant.Graftor.116422

17.0.0.531

Panda Antivirus

Generic Malware

16.06.25.07

VIPRE Antivirus

Trojan.Win32.Generic

23172

File size:

96 KB (98,304 bytes)

Product version:

1, 3, 1, 177

File type:

Executable application (Win32 EXE)

Common path:

C:\windows\syswow64\svcspwin.exe

File PE Metadata

Compilation timestamp:

9/14/2013 1:16:12 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1536:5ynEn+NWQYKz3/DmTCdmQBs0TvAZR/Cn+JBCnFtixL9akkkkkkkkkkkkkkIrP:CNWQJz3/DSqmgGR6n+JBoFtmz

Entry address:

0x7483

Entry point:

55, 8B, EC, 6A, FF, 68, F0, F4, 40, 00, 68, 1C, AD, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 34, F1, 40, 00, 33, D2, 8A, D4, 89, 15, 94, 74, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 90, 74, 41, 00, C1, E1, 08, 03, CA, 89, 0D, 8C, 74, 41, 00, C1, E8, 10, A3, 88, 74, 41, 00, 6A, 01, E8, BF, 25, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, E9, 09, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75... 
[+]

Entropy:

5.4274

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

56 KB (57,344 bytes)

Service

Display name:

WinsPop Service

Type:

Win32OwnProcess

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to 209-99-40-223.fwd.datafoundry.com (209.99.40.223:80)

Remove svcspwin.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.