winsvc.exe

winsvc

Technical and Commercial Consulting Pvt. Ltd.

The file winsvc.exe, “Windows Application”, has been detected as malware by 32 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Windows Application  (signed by Technical and Commercial Consulting Pvt. Ltd.)

Product:
winsvc

Description:
Windows Application

Version:
5, 5, 0, 1

MD5:
46416847e3f92d1ef8237fc29167b9a9

SHA-1:
17ac30ae1e9a9f33263bbd0d7c1ae00543fa92dc

SHA-256:
5f23a998da792d1667bd7e7e19cb43d9f0eb8676c1e4b0dd8d602894049e89f5

Scanner detections:
32 / 68

Status:
Malware

Explanation:
The software contains keystroke monitoring/logging capabilities which may or may not be installed without the user's knowledge.

Analysis date:
4/19/2024 11:15:25 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.8468447
375

Agnitum Outpost
Trojan.Agent
7.1.1

AhnLab V3 Security
Spyware/Win32.KeyLogger
2016.01.22

Avira AntiVirus
TR/Spy.Agent.acqh.11
8.3.2.4

Arcabit
Trojan.Generic.D8137DF
1.0.0.646

avast!
Win32:Downloader-TLX [Trj]
2014.9-160126

AVG
Downloader.Generic_c
2017.0.2853

Baidu Antivirus
Trojan.Win32.KeyLogger
4.0.3.16126

Bitdefender
Trojan.Generic.8468447
1.0.20.130

Comodo Security
UnclassifiedMalware
23997

Dr.Web
Trojan.DownLoader6.50269
9.0.1.026

Emsisoft Anti-Malware
Trojan.Generic.8468447
8.16.01.26.09

ESET NOD32
Win32/TrojanDownloader.Agent.RNT
10.12905

Fortinet FortiGate
W32/KeyLogger.ACQH!tr
1/26/2016

F-Secure
Trojan.Generic.8468447
11.2016-26-01_3

G Data
Trojan.Generic.8468447
16.1.25

IKARUS anti.virus
Trojan-Spy.Win32.KeyLogger
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.212.18496

Kaspersky
Trojan-Spy.Win32.KeyLogger
14.0.0.758

McAfee
Artemis!46416847E3F9
5600.6509

MicroWorld eScan
Trojan.Generic.8468447
17.0.0.78

NANO AntiVirus
Trojan.Win32.KeyLogger.brqtyt
1.0.14.5380

nProtect
Trojan/W32.Agent.255416.C
16.01.21.01

Panda Antivirus
Trj/Spyeye.L
16.01.26.09

Qihoo 360 Security
Win32/Trojan.Spy.130
1.0.0.1077

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_SPNR.03A813
7.2.26

Trend Micro
TROJ_SPNR.03A813
10.465.26

Vba32 AntiVirus
TrojanSpy.KeyLogger
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
46664

ViRobot
Trojan.Win32.S.KeyLogger.255416.A[h]
2014.3.20.0

Zillya! Antivirus
Trojan.Keylogger.Win32.25317
2.0.0.2623

File size:
249.4 KB (255,416 bytes)

Product version:
1, 11, 0, 11

Copyright:
Copyright (C) 2012

Original file name:
winsvc.exe

Language:
English (United States)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/22/2011 1:00:00 AM

Valid to:
11/22/2012 12:59:59 AM

Subject:
CN=Technical and Commercial Consulting Pvt. Ltd., OU=TCCPL, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Technical and Commercial Consulting Pvt. Ltd., L=New Delhi, S=Delhi, C=IN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4BF1D68E926E2DD8966008C44F95EA1C

File PE Metadata
Compilation timestamp:
8/7/2012 7:57:56 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:z5Ynxp0hB16NcEy2ScgOXwgVhQNqooDfL:z5YnxwIPz3BDoo/

Entry address:
0x12DE1

Entry point:
E8, F3, A8, 00, 00, E9, 78, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, B0, C5, 43, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, B0, C5, 43, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B...
 

Entropy:
6.4723

Code size:
194 KB (198,656 bytes)
