services.exe

The executable services.exe has been detected as malware by 7 anti-virus scanners. While running, it connects to the Internet address www.ovip.icq.com on port 80 using the HTTP protocol.
MD5:
eb4f42eb8ab3c033a5284021f4dbc1d8

SHA-1:
074688b3ff6d2ffb741f6a06ba1bb78d55aa1866

SHA-256:
22e9faaa17f23e48a333d480f1d30a47c61e26e1cda9326393ccade0acf9f692

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/5/2024 11:18:30 PM UTC

Scan engine                    Detection                                    Engine version
Clam AntiVirus                 Win.Trojan.Prorat-47                         0.98/23045
Dr.Web                         BackDoor.ProRat                              9.0.1.05190
ESET NOD32                     Win32/Prorat.19 trojan                       6.3.12010.0
F-Prot                         W32/Prorat.AK                                4.6.5.141
F-Secure                       Dropped:Generic.Malware.G!SFMBVbg.43743A88   5.15.154
Kaspersky                      Backdoor.Win32.Prorat                        15.0.2.529
Microsoft Security Essentials  Backdoor:Win32/Prorat.T                      1.235.2586.0

File size:
1.9 MB (2,027,008 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\services.exe

File PE Metadata
Compilation timestamp:
11/19/2004 7:19:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

Entry address:
0x1000

Entry point:
EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, F8, A3, 4B, 00, A1, EB, A3, 4B, 00, C1, E0, 02, A3, EF, A3, 4B, 00, 52, 6A, 00, E8, 0D, 7B, 0B, 00, 8B, D0, E8, 7A, 53, 09, 00, 5A, E8, D8, 52, 09, 00, E8, AF, 53, 09, 00, 6A, 00, E8, E8, 67, 09, 00, 59, 68, 94, A3, 4B, 00, 6A, 00, E8, E7, 7A, 0B, 00, A3, F3, A3, 4B, 00, 6A, 00, E9, 3F, F2, 09, 00, E9, 16, 68, 09, 00, 33, C0, A0, DD, A3, 4B, 00, C3, A1, F3, A3, 4B, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, B8, 00, 00, 00, 0B, C9...

Entropy:
3.8900

Code size:
740 KB (757,760 bytes)

InstalledComponents
Name:
{5Y99AE78-58TT-11dW-BE53-Y67078979Y}


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.ovip.icq.com  (178.237.20.20:80)

TCP (HTTP):
Connects to lb-182-209.above.com  (103.224.182.209:80)
