dbxsvc.exe

Dropbox

Dropbox, Inc.

The executable dbxsvc.exe has been detected as malware by 3 of 68 anti-virus scanners. All three detections (Dr.Web, ESET NOD32 and F-Secure) name the Win64 Expiro family, a polymorphic file infector: this is a copy of the Dropbox service binary whose code has been modified by the virus, not a stand-alone malicious program, so the genuine Dropbox publisher, product and version metadata it carries do not indicate a clean file. It runs as a Windows service named “DbxSvc”. While running, it connects to the Internet address mailrelay.203.website.ws (64.70.19.203) on port 80 using the HTTP protocol.
Publisher:
Dropbox, Inc.

Product:
Dropbox

Description:
Dropbox Service

Version:
1.0.20.0

MD5:
d9ee8175770cabef7f0466b4d39825bb

SHA-1:
72dbcc2a3ae3912f10c9167fee508d17863406e5

SHA-256:
42c5bd5fbd144b3b74ecbcccc39aa8d8f44e754afb8d7f4426b82d7a7fda8895

Scanner detections:
3 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus. Because the infector rewrites the host executable's code, the infected copy no longer matches the vendor's original hashes, and any Authenticode signature the original carried no longer validates; each infected copy is also different, so the hashes below identify this sample only.

Analysis date:
11/16/2024 7:46:25 AM UTC

Scan engine    Detection               Engine version
Dr.Web         Win64.Expiro.108        9.0.1.05190
ESET NOD32     Win64/Expiro.Q virus    6.3.12010.0
F-Secure       Win64.Expiro.Gen.3      5.15.154

File size:
607.5 KB (622,080 bytes)

Copyright:
Dropbox, Inc.

Original file name:
dbxsvc.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\dbxsvc.exe

File PE Metadata
Compilation timestamp:
1/4/2017 1:56:16 AM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

Entry address:
0x4870

Entry point:
90, 55, 48, 89, E5, 56, 48, FF, CE, 57, 41, 54, 41, 55, 41, 56, 41, 57, 48, 81, EC, F0, 00, 00, 00, 48, C7, 45, 88, 04, 00, 00, 00, 4C, 8B, 55, 88, 49, 83, C2, 03, 4C, 89, 55, 98, 4C, 8B, 55, 88, 49, 83, C2, 07, 4C, 89, 95, 78, FF, FF, FF, 48, C7, C0, 15, 00, 00, 00, 4C, 8B, 55, 98, 48, 99, 49, F7, FA, 48, 89, 45, 90, 4C, 8B, 55, 88, 49, 83, C2, 07, 4C, 89, 95, 68, FF, FF, FF, 48, C7, C0, 16, 00, 00, 00, 4C, 8B, 95, 68, FF, FF, FF, 48, 99, 49, F7, FA, 48, 89, 85, 40, FF, FF, FF, 4C, 8B, 55, 90, 4C, 03, 55...

Entropy:
7.2134

Code size:
21 KB (21,504 bytes)
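As an added triage example (not part of this report and not Reason Core Security's own tooling), the following standard-library Python script recomputes the indicators listed above for a local file: the three hashes and the file size, the entry-point RVA and the bytes at it (mapped from RVA to file offset through the section table), whole-file Shannon entropy, and whether the PE carries an Authenticode signature blob at all. The PAGE_* constants are copied from this report; the minimal PE32+ image produced by build_sample_pe() is a constructed stand-in so the script runs offline and is not the real dbxsvc.exe.

```python
"""Offline triage of a dbxsvc.exe candidate against the indicators in this report.

Added example, standard library only; not Reason Core Security's tooling.
"""
import hashlib
import math
import random
import struct
import sys
from collections import Counter

# Indicators copied from the report above.
PAGE_IOCS = {
    "md5": "d9ee8175770cabef7f0466b4d39825bb",
    "sha1": "72dbcc2a3ae3912f10c9167fee508d17863406e5",
    "sha256": "42c5bd5fbd144b3b74ecbcccc39aa8d8f44e754afb8d7f4426b82d7a7fda8895",
    "size": 622080,
    "entry_rva": 0x4870,
}
# First 18 bytes listed under "Entry point" in the report.
PAGE_ENTRY_BYTES = bytes.fromhex("90554889e55648ffce574154415541564157")


def file_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; the report lists 7.2134 for this sample."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def _pe_layout(data: bytes):
    """Locate the optional header and section table; raises ValueError on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, = struct.unpack_from("<H", data, e_lfanew + 6)       # COFF NumberOfSections
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)   # COFF SizeOfOptionalHeader
    opt = e_lfanew + 24                                         # optional header follows the 20-byte COFF header
    magic, = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                             # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    return opt, magic, opt + opt_size, nsect


def entry_point(data: bytes, n: int = len(PAGE_ENTRY_BYTES)):
    """Return (entry RVA, name of the section owning it, first n bytes at the entry point)."""
    opt, _magic, sect_table, nsect = _pe_layout(data)
    entry_rva, = struct.unpack_from("<I", data, opt + 16)       # AddressOfEntryPoint
    for i in range(nsect):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sect_table + 40 * i)
        if va <= entry_rva < va + max(vsize, raw_size):
            off = raw_ptr + (entry_rva - va)                    # RVA -> file offset within this section
            return entry_rva, name.rstrip(b"\0").decode("ascii", "replace"), data[off:off + n]
    raise ValueError("entry point RVA not inside any section")


def has_authenticode_blob(data: bytes) -> bool:
    """True if the Security data directory (index 4) is populated. Presence only, not validity."""
    opt, magic, _sect_table, _nsect = _pe_layout(data)
    dirs = opt + (112 if magic == 0x20B else 96)                # data directories start here
    va, size = struct.unpack_from("<II", data, dirs + 4 * 8)
    return va != 0 and size != 0


def triage(data: bytes) -> dict:
    h = file_hashes(data)
    rva, section, first = entry_point(data)
    return {
        "hash_match": any(h[k] == PAGE_IOCS[k] for k in ("md5", "sha1", "sha256")),
        "size_match": len(data) == PAGE_IOCS["size"],
        "entry_rva": rva,
        "entry_section": section,
        "entry_rva_match": rva == PAGE_IOCS["entry_rva"],
        "entry_bytes_match": first == PAGE_ENTRY_BYTES,
        "entropy": round(shannon_entropy(data), 4),
        "has_authenticode_blob": has_authenticode_blob(data),
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in (not the real file): a minimal PE32+ image with one .text
    section whose entry point at RVA 0x4870 carries the report's entry bytes."""
    rng = random.Random(2024)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)                                        # PE32+ optional header, 16 empty data dirs
    struct.pack_into("<HBBIIIIIQII", opt, 0, 0x20B, 9, 0, 0x5000, 0, 0,
                     0x4870, 0x1000, 0x140000000, 0x1000, 0x200)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x5000, 0x1000, 0x5000, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    body = bytearray(rng.getrandbits(8) for _ in range(0x5000))  # deterministic high-entropy filler
    body[0x4870 - 0x1000:0x4870 - 0x1000 + len(PAGE_ENTRY_BYTES)] = PAGE_ENTRY_BYTES
    return headers + bytes(body)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(data).items():
        print(f"{key:22} {value}")
```

Run it as `python triage.py C:\Windows\System32\dbxsvc.exe`. A hash match identifies exactly this sample; since Expiro is polymorphic, other infected copies will not share these hashes, so a non-matching hash does not clear the file. The signature check only reports whether a signature blob is present, not whether it validates; use `signtool verify /pa` or `Get-AuthenticodeSignature` for that.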

Service
Display name:
DbxSvc

Description:
Dropbox Service

Type:
Win32OwnProcess, InteractiveProcess


The executing file has been observed making the following network communication in live environments.

TCP (HTTP):
Connects to mailrelay.203.website.ws (64.70.19.203:80)

Powered by Reason Core Security