winsrvc.exe

The executable winsrvc.exe has been detected as malware by 33 anti-virus scanners. It is set to start automatically when a user logs in to Windows, via the current-user Run registry key, under the display name ‘Microsoft Windows Service’.
MD5:
4cbd60e63d3acf3f952d3a55310890d9

SHA-1:
1b12ba6b07f7252a990a274533bb8bfa7f87d546

SHA-256:
af270b812f7b31b1794a9c5b8b4b58c3f02e10d7e42f1706c5738d0a77883290

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
4/25/2024 8:32:08 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.50791 | 803
Agnitum Outpost | Worm.SdBot | 7.1.1
AhnLab V3 Security | Trojan/Win32.Jorik | 2014.08.18
Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.167.202
avast! | Win32:Kryptik-JSS [Trj] | 2014.9-141124
AVG | Generic29 | 2015.0.3281
Baidu Antivirus | Backdoor.Win32.SdBot | 4.0.3.141124
Bitdefender | Gen:Variant.Kazy.50791 | 1.0.20.1640
Comodo Security | TrojWare.Win32.Kryptik.ANDF | 19229
Dr.Web | Trojan.MulDrop3.64481 | 9.0.1.0328
Emsisoft Anti-Malware | Gen:Variant.Kazy.50791 | 8.14.11.24.02
ESET NOD32 | Win32/Kryptik.AKWY (variant) | 8.10272
Fortinet FortiGate | W32/Kryptik.AGF!tr | 11/24/2014
F-Secure | Gen:Variant.Kazy.50791 | 11.2014-24-11_2
G Data | Gen:Variant.Kazy.50791 | 14.11.24
IKARUS anti.virus | Backdoor.Win32.SdBot | t3scan.1.7.5.0
K7 AntiVirus | Trojan | 13.183.13054
Kaspersky | Backdoor.Win32.SdBot | 14.0.0.2900
Malwarebytes | Trojan.Agent | v2014.11.24.02
McAfee | W32/Sdbot.worm!oz | 5600.6937
Microsoft Security Essentials | Worm:Win32/Phorpiex.M | 1.10802
MicroWorld eScan | Gen:Variant.Kazy.50791 | 15.0.0.984
NANO AntiVirus | Trojan.Win32.SdBot.wcuej | 0.28.2.61519
Norman | Nucleroot.NM | 11.20141124
Panda Antivirus | Generic Malware | 14.11.24.02
Qihoo 360 Security | HEUR/Malware.QVM19.Gen | 1.0.0.1015
Quick Heal | Worm.Dorkbot.A | 11.14.14.00
Sophos | Mal/EncPk-AGF | 4.98
Trend Micro House Call | TROJ_SPNR.14HQ12 | 7.2.328
Trend Micro | TROJ_SPNR.14HQ12 | 10.465.24
Vba32 AntiVirus | Backdoor.SdBot | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Encpk.agf | 32314
ViRobot | Backdoor.Win32.A.IRCBot.29184.K | 2011.4.7.4223

File size:
28.5 KB (29,184 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\kf2\m-0-5778-6436-2457\winsrvc.exe

File PE Metadata
Compilation timestamp:
8/19/2012 10:55:49 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
768:PtzmOBbWjl5F3VPalZ5Wn+Q0Kysxg53rZq7e:AOBbul5FlPalun+uxmse

Entry address:
0xE000

Entry point:
55, 8B, EC, 83, EC, 1C, 53, 56, 57, 50, 51, 52, 53, 56, 57, C7, 45, F0, 00, 00, 00, 00, EB, 09, 8B, 45, F0, 83, C0, 01, 89, 45, F0, 81, 7D, F0, 50, C3, 00, 00, 7D, 04, 8B, C0, EB, EA, E8, 7D, 17, 00, 00, 89, 45, F4, C6, 05, D4, 04, 41, 00, 4E, C6, 05, C4, 04, 41, 00, 4E, 68, D4, 04, 41, 00, 8B, 4D, F4, 51, E8, CE, 15, 00, 00, 83, C4, 08, A3, 9C, 04, 41, 00, 6A, 00, 6A, 00, FF, 15, 9C, 04, 41, 00, 89, 45, F8, 68, C4, 04, 41, 00, 8B, 55, F4, 52, E8, AB, 15, 00, 00, 83, C4, 08, A3, 98, 04, 41, 00, 83, 3D, 98...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
7 KB (7,168 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Microsoft Windows Service

Command:
C:\users\kf2\m-0-5778-6436-2457\winsrvc.exe

