service.exe

The application service.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “GoogleChromeUpService”. While running, it connects to the Internet address customer.sharktech.net on port 80 using the HTTP protocol.
Version:
1.0.0.12

MD5:
ef4ecabc8d1fe8c77979712b0bff17a2

SHA-1:
3dbd8a4bda99e6657d81f10949e6673e61a39335

SHA-256:
ee1d6de584aec0c380b5264c5f2c7732c3d3abfe1b7a9273c7d324d5d76d8ead

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 2:45:26 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Downloader (M)

Engine version:
17.2.21.2

File size:
1.6 MB (1,722,368 bytes)

Product version:
1.0.0.12

Copyright:
Copyright (C) 2015

Original file name:
service.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\ProgramData\service.exe

File PE Metadata
Compilation timestamp:
7/12/2007 1:29:16 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x19CC11

Entropy:
6.4405

Code size:
1.2 MB (1,247,232 bytes)

Service
Display name:
GoogleChromeUpService

Type:
Win32OwnProcess, InteractiveProcess
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 93-89-226-17.fbs.com.tr (93.89.226.17:80)

TCP (HTTP):
Connects to customer.sharktech.net (104.160.178.242:80)

Powered by Reason Core Security