» mswinsvc.exe
Overview
Analysis
File Details

mswinsvc.exe

The executable mswinsvc.exe has been detected as malware by 26 anti-virus scanners.

File name:

mswinsvc.exe

MD5:

7ffc1f3ffb365e1839856f19638638fd

SHA-1:

f03e0b72e7abe27dd83aca4b39edbb53eaaf8646

Scanner detections:

26 / 68

Status:

Malware

Analysis date:

4/28/2024 9:18:41 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Win32/Carrier.worm.61952

5.0.

Avira AntiVirus

TR/Downloader.Gen

8.2.1.196

Emsisoft A-Squared

Worm.Win32.AutoRun!IK

4.5.0.50

avast!

Win32:Rootkit-gen

2014.9-170313

AVG

BackDoor.Delf

2018.0.2441

Bitdefender

Worm.Generic.74126

1.0.20.360

Comodo Security

Heur.Packed.Unknown

4377

Dr.Web

Win32.HLLW.Autoruner.7402

9.0.1.072

ESET NOD32

Win32/Dewnad.AA (variant)

11.4972

Fortinet FortiGate

W32/AutoRun.BF!worm

3/13/2017

F-Prot

W32/Worm.ANNW

v6.4.5.1.85

F-Secure

Backdoor:W32/Bubz.gen!A

11.2017-13-03_2

G Data

Worm.Generic.74126

17.3.19

IKARUS anti.virus

Worm.Win32.AutoRun

t3scan.1.1.80.0

K7 AntiVirus

Trojan.Win32.Malware.1

13.7.10.1004

Kaspersky

Worm.Win32.Carrier

14.0.0.-1302

McAfee

W32/Autorun.worm!bf

5600.6097

Microsoft Security Essentials

Trojan:Win32/Malat

1.163.1557.0

Norman

W32/DLoader.QDDD

11.20170313

nProtect

Worm.Generic.74126

2009.1.8.0

Prevx

High Risk Spyware

3.0

Quick Heal

Trojan.Agent.ATV

3.17.10.00

Rising Antivirus

Worm.Win32.Autorun.fzr

23.00.65.17311

Sophos

Mal/Generic-E

4.52

Trend Micro

WORM_AUTORUN.FKT

10.465.13

Vba32 AntiVirus

Worm.Win32.AutoRun.armk

3.12.12.2

File size:

60.5 KB (61,952 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Documents and Settings\{user}\Application data\microsoft\mswinsvc.exe

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x2B5A0

Entry point:

60, BE, 00, D0, 4A, 11, 8D, BE, 00, 40, FE, FF, C7, 87, A0, E0, 01, 00, 4E, 46, 2F, 55, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB... 
[+]

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:

60 KB (61,440 bytes)

Remove mswinsvc.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.