policies.exe

It runs as a separate (within the context of its own process) windows Service named “Windows Policies”.
MD5:
381bac785ce1af0dee93d85ec13f5642

SHA-1:
a372d4290b11af59c0cd2bf5bc6bf58197f709e9

SHA-256:
91414ece9e130c418146b9d5556def9c6e5e2bcd92de73633a8e46bb1c57f188

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
12/26/2024 1:56:03 AM UTC  (today)

Scan engine
Detection
Engine version

F-Prot
W32/SuspPack.AA.gen
4.6.5.141

File size:
14.5 KB (14,848 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\policies\161011\policies.exe

File PE Metadata
Compilation timestamp:
1/1/2008 3:55:28 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
7.0

CTPH (ssdeep):
384:FRrFC35ncXcK9aiEPGLbL9PRt8DbAXoBX:/Fk9gzLf9PRt8QXAX

Entry address:
0x1C0

Entry point:
33, C0, C2, 08, 00, 00, 00, 00, 0D, 0A, 0D, 0A, 54, 68, 69, 73, 20, 66, 69, 6C, 65, 20, 77, 61, 73, 20, 73, 61, 6E, 69, 74, 69, 7A, 65, 64, 20, 62, 79, 20, 61, 76, 61, 73, 74, 21, 20, 41, 6E, 74, 69, 76, 69, 72, 75, 73, 2E, 0D, 0A, 0D, 0A, 00, 00, 70, 2A, 60, 50, 00, 00, 00, 00, 00, 00, 48, 00, 00, 00, 02, 00, 05, 00, 70, 2D, 00, 00, 84, 21, 00, 00, 01, 00, 00, 00, 25, 00, 00, 06, B8, 2C, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Code size:
128 Bytes (128 bytes)

Service
Display name:
Windows Policies

Service name:
Policies

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ns517373.ip-158-69-27.net  (158.69.27.205:80)

TCP (HTTP):
Connects to host120.akamai.com  (165.254.32.120:80)

Scan policies.exe - Powered by Reason Core Security