services.exe

The executable services.exe has been detected as malware by 4 anti-virus scanners.
MD5:
6a2c90c319566343874d65eab1f532ea

SHA-1:
5661951ea4a2681e28bb4e7e797a1f8a537595e4

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
1/13/2025 4:41:20 AM UTC

Scan engine                    Detection                 Engine version
Clam AntiVirus                 Win.Trojan.Prorat-23      0.98/23159
F-Secure                       Backdoor.Generic.21020    5.16.24
Kaspersky                      Backdoor.Win32.Prorat     15.0.2.529
Microsoft Security Essentials  Backdoor:Win32/Prorat.K   1.237.536.0

File size:
444.5 KB (455,168 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\services.exe

File PE Metadata
Compilation timestamp:
1/31/2008 5:09:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

Entry address:
0x205AA2

Entry point:
0F, BE, C7, 24, 63, 50, 0F, B6, E9, BF, 34, 3F, 8F, 18, 8A, F0, 87, DA, 0F, B6, F9, 84, F9, 86, EB, 68, 25, 53, D8, 00, 85, C0, 22, C5, F2, E8, 84, 00, 00, 00, 8D, 35, CE, EB, ED, 95, 8D, 0D, 02, 93, 73, 66, 0F, AF, CD, BE, CC, 12, A1, D7, 84, C1, 0F, BE, C5, 00, E8, 69, CF, CA, 50, C3, 0F, 32, C4, 02, C8, 0F, B6, F7, 33, C0, 69, ED, 2C, 51, 3F, 6B, 35, B2, A5, 00, 00, 88, F1, 31, EE, C6, C1, 19, 8D, 0D, 1F, 81, 01, D6, 2B, D2, 87, F5, 86, E9, 69, F3, 37, CE, 41, 78, 0B, D0, 8B, E9, 81, F2, 69, 00, 00, 00...
 

Entropy:
7.9137  (probably packed)

Code size:
340 KB (348,160 bytes)

InstalledComponents
Name:
{5Y99AE78-58TT-11dW-BE53-Y67078979Y}


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mailserver40.mylittledatacenter.com  (144.76.167.153:80)

TCP (HTTP):

TCP (HTTP):
Connects to 93-89-224-9.fbs.com.tr  (93.89.224.9:80)

TCP (HTTP):
Connects to 210.151.74.137.fr.axspace.com  (137.74.151.210:80)
