» services.exe
Overview
Analysis
File Details
Behaviors (1)
Network (2)

services.exe

The executable services.exe has been detected as malware by 7 anti-virus scanners. While running, it connects to the Internet address www.ovip.icq.com on port 80 using the HTTP protocol.

File name:

services.exe

MD5:

eb4f42eb8ab3c033a5284021f4dbc1d8

SHA-1:

074688b3ff6d2ffb741f6a06ba1bb78d55aa1866

SHA-256:

22e9faaa17f23e48a333d480f1d30a47c61e26e1cda9326393ccade0acf9f692

Scanner detections:

7 / 68

Status:

Malware

Analysis date:

11/23/2024 5:27:47 AM UTC (today)

Scan engine

Detection

Engine version

Clam AntiVirus

Win.Trojan.Prorat-47

0.98/23045

Dr.Web

BackDoor.ProRat

9.0.1.05190

ESET NOD32

Win32/Prorat.19 trojan

6.3.12010.0

F-Prot

W32/Prorat.AK

4.6.5.141

F-Secure

Dropped:Generic.Malware.G!SFMBVbg.43743A88

5.15.154

Kaspersky

Backdoor.Win32.Prorat

15.0.2.529

Microsoft Security Essentials

Backdoor:Win32/Prorat.T

1.235.2586.0

File size:

1.9 MB (2,027,008 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\windows\services.exe

File PE Metadata

Compilation timestamp:

11/19/2004 7:19:18 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.0

Entry address:

0x1000

Entry point:

EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, F8, A3, 4B, 00, A1, EB, A3, 4B, 00, C1, E0, 02, A3, EF, A3, 4B, 00, 52, 6A, 00, E8, 0D, 7B, 0B, 00, 8B, D0, E8, 7A, 53, 09, 00, 5A, E8, D8, 52, 09, 00, E8, AF, 53, 09, 00, 6A, 00, E8, E8, 67, 09, 00, 59, 68, 94, A3, 4B, 00, 6A, 00, E8, E7, 7A, 0B, 00, A3, F3, A3, 4B, 00, 6A, 00, E9, 3F, F2, 09, 00, E9, 16, 68, 09, 00, 33, C0, A0, DD, A3, 4B, 00, C3, A1, F3, A3, 4B, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, B8, 00, 00, 00, 0B, C9... 
[+]

Entropy:

3.8900

Code size:

740 KB (757,760 bytes)

InstalledComponents

Name:

{5Y99AE78-58TT-11dW-BE53-Y67078979Y}

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to www.ovip.icq.com (178.237.20.20:80)

TCP (HTTP):

Connects to lb-182-209.above.com (103.224.182.209:80)

Remove services.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.