services.exe

The executable services.exe has been detected as malware by 40 anti-virus scanners. While running, it connects to the Internet address lb-182-209.above.com on port 80 using the HTTP protocol.
MD5:
5612924dff68e30e90d5d7e4e1a56a20

SHA-1:
0c7ed1bf6f54cc279da9e222633edea6701ea28a

SHA-256:
3f8c71c6e8d69a5309259109c41d9fe7d169d5efe844c304f867513b9c22b9f3

Scanner detections:
40 / 68

Status:
Malware

Analysis date:
12/25/2024 2:01:59 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Backdoor.Prorat.19
-29

Agnitum Outpost
Backdoor.Prorat
7.1.1

AhnLab V3 Security
Trojan/Win32.Prorat
17.03.05

Avira AntiVirus
BDS/ProRat.Gen
7.11.150.164

avast!
Win32:Prorat-H [Trj]
2014.9-170305

AVG
BackDoor.Generic3
2018.0.2449

Baidu Antivirus
Trojan.Win32.Prorat
4.0.3.1735

Bitdefender
Backdoor.Prorat.19
1.0.20.320

Bkav FE
W32.CamipesK.Trojan
1.3.0.4959

Clam AntiVirus
Trojan.Prorat.19.A-srv
0.98/213

Comodo Security
Backdoor.Win32.Prorat.19
18306

Dr.Web
BackDoor.ProRat.19
9.0.1.064

Emsisoft Anti-Malware
Backdoor.Prorat.19
8.17.03.05.06

ESET NOD32
Win32/Prorat.19
11.9823

Fortinet FortiGate
W32/Prorat.19!tr.bdr
3/5/2017

F-Prot
W32/Prorat.AW
v6.4.7.1.166

F-Secure
Backdoor.Prorat.19
11.2017-05-03_1

G Data
Backdoor.Prorat.19
17.3.24

IKARUS anti.virus
Backdoor.Win32.Prorat
t3scan.1.6.1.0

K7 AntiVirus
Backdoor
13.177.12128

Kaspersky
Trojan-Downloader.Win32.Genome
14.0.0.-1261

Malwarebytes
Trojan.Backdoor
v2017.03.05.06

McAfee
BackDoor-AVW
5600.6105

Microsoft Security Essentials
Backdoor:Win32/Prorat.Y
1.10502

MicroWorld eScan
Backdoor.Prorat.19
18.0.0.192

NANO AntiVirus
Trojan.Win32.Prorat.dled
0.28.0.59921

Norman
Prorat.JT
11.20170305

nProtect
Backdoor/W32.Prorat.351788.C
14.05.20.01

Panda Antivirus
Bck/Prorat.EV
17.03.05.06

Qihoo 360 Security
Win32/Backdoor.6ef
1.0.0.1015

Quick Heal
Win32.Backdoor.Prorat.19.3.Pack
3.17.14.00

Rising Antivirus
PE:Dropper.Agent.aez!1173780470
23.00.65.17303

SUPERAntiSpyware
Trojan.Agent/Gen-Prorat
8554

Total Defense
Win32/ProRat.AX
37.0.10948

Trend Micro House Call
BKDR_AVW.A
7.2.64

Trend Micro
BKDR_AVW.A
10.465.05

Vba32 AntiVirus
MalwareScope.Trojan-PSW.Pinch.1
3.12.26.0

VIPRE Antivirus
BehavesLike.Win32.Malware.ssc (mx-v)
29412

ViRobot
Backdoor.Win32.Prorat.409600.B
2011.4.7.4223

Zillya! Antivirus
Backdoor.Prorat.Win32.42
2.0.0.1794

File size:
343.5 KB (351,788 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\services.exe

File PE Metadata
Compilation timestamp:
9/1/2004 12:11:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

Entry address:
0x1F6810

Entry point:
60, BE, 00, 20, 5A, 00, 8D, BE, 00, F0, E5, FF, C7, 87, DC, 33, 1D, 00, 06, D7, 13, E8, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
340 KB (348,160 bytes)

InstalledComponents
Name:
{5Y99AE78-58TT-11dW-BE53-Y67078979Y}


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.ovip.icq.com  (178.237.20.20:80)

TCP (HTTP):
Connects to lb-182-209.above.com  (103.224.182.209:80)

Remove services.exe - Powered by Reason Core Security