services.exe
The executable services.exe has been detected as malware by 41 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler named avaavaevy triggered by a time event. This file is typically installed with the program webssearches uninstall by Hefei Zhimingxingtong Software&Technology Co., Ltd. which is a potentially unwanted software program. While running, it connects to the Internet address media-router-fp1.prod.media.vip.bf1.yahoo.com on port 443.
File name: services.exe
MD5: ef44b817dceb4c3bfd21fd3d08b5d28d
SHA-1: 5cfe3e6816b989c1ddc1415dd7a257d41a0fbf74
SHA-256: c47e8581dd463ca08ed499ba1199583a04b5bdaf6f49523f21a0b48c31d6a444
Analysis
Scanner detections: 41 / 68
Status: Malware
Analysis date: 11/23/2024 10:47:22 AM UTC
Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Brontok.MK | 652
Agnitum Outpost | I-Worm.Brontok | 7.1.1
AhnLab V3 Security | Win32/Brontok.worm.42667 | 2015.04.21
Avira AntiVirus | WORM/Brontok.C | 3.6.1.96
avast! | Win32:Rontokbr-L [Wrm] | 2014.9-150423
AVG | Worm/Brontok | 2016.0.3130
Baidu Antivirus | Trojan.Win32.FakeFolder | 4.0.3.15423
Bitdefender | Win32.Brontok.MK | 1.0.20.565
Bkav FE | W32.RontokbroHK | 1.3.0.6379
Clam AntiVirus | Worm.Brontok.E | 0.98/21511
Comodo Security | Packed.Win32.Packer.~GEN | 21835
Dr.Web | Win32.Virut.5 | 9.0.1.0113
Emsisoft Anti-Malware | Win32.Brontok.MK | 8.15.04.23.03
ESET NOD32 | Win32/Brontok | 9.11503
Fortinet FortiGate | W32/Brontok.C@mm | 4/23/2015
F-Prot | W32/EmailWorm.GS | v6.4.7.1.166
F-Secure | Win32.Brontok.MK | 11.2015-23-04_5
G Data | Win32.Brontok.MK | 15.4.25
IKARUS anti.virus | Email-Worm.Win32.Brontok | t3scan.1.8.9.0
K7 AntiVirus | Trojan | 13.202.15649
Kaspersky | Trojan.Win32.Genome | 14.0.0.2147
Malwarebytes | Trojan.Dropper | v2015.04.23.03
McAfee | W32/Rontokbro.gen@MM | 5600.6786
Microsoft Security Essentials | Worm:Win32/Brontok@mm | 1.1.11502.0
MicroWorld eScan | Win32.Brontok.MK | 16.0.0.339
NANO AntiVirus | Trojan.Win32.Brontok.bmcat | 0.30.16.1110
Norman | Alman.E | 11.20150423
nProtect | Worm/W32.Brontok.42667 | 15.04.20.01
Panda Antivirus | W32/Brontok.GS.worm | 15.04.23.03
Qihoo 360 Security | Win32/Trojan.4a4 | 1.0.0.1015
Quick Heal | W32.Brontok.Q | 4.15.14.00
Rising Antivirus | PE:Trojan.Win32.Generic.13334469!322126953 | 23.00.65.15421
Sophos | W32/Brontok-Gen | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-FakeSec | 9918
Total Defense | Win32/Robknot.EB | 37.1.62.1
Trend Micro House Call | WORM_RONTOKBR.CF | 7.2.113
Trend Micro | WORM_RONTOKBR.CF | 10.465.23
Vba32 AntiVirus | Worm.Brontok | 3.12.26.3
VIPRE Antivirus | Email-Worm.Win32.Brontok.a | 39516
ViRobot | I-Worm.Win32.Brontok.42667.A[h] | 2014.3.20.0
Zillya! Antivirus | Worm.Brontok.Win32.914 | 2.0.0.2145
File Details
File size: 41.7 KB (42,667 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\services.exe
File PE Metadata
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 5.12
CTPH (ssdeep): 768:yzL/a40DKwDRxMXyfSI0tVqoNbpVeMOxMp6qX2Yv35BMCU:MafVleX4gioNLCMp9225A
Entry address: 0x2F492
Entry point: E9, BD, 0C, FD, FF, 0C, 50, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 69, F4, 02, 00, 0C, 50, 02, 00...
Entropy: 7.2795
Packer / compiler: RLPack FullEdition V1.1X
Code size: 512 bytes
Behaviors
Scheduled Task
Task name: avaavaevy
Trigger: Time
Programs
The file services.exe has been discovered within the following program.
webssearches uninstall
by Hefei Zhimingxingtong Software&Technology Co., Ltd.
webssearches is an adware (advertising supported) web browser application that is designed to display banner ads as well as contextual link ads (such as hyperlinks the user will see underlined).
Network Communications
The executing file has been seen to make the following network communications in live environments.
TCP (HTTP SSL): Connects to ats.sbs.vip.dc11.lumsb.com (8.12.146.61:443)
TCP (HTTP): Connects to clipart.geo.vip.bf1.yahoo.com (98.137.201.117:80)
TCP (HTTP SSL): Connects to ir2.fp.vip.bf1.yahoo.com (98.139.183.24:443)
TCP (HTTP SSL): Connects to media-router-fp1.prod.media.vip.ne1.yahoo.com (98.138.252.38:443)
TCP (HTTP SSL): Connects to media-router-fp1.prod.media.vip.bf1.yahoo.com (98.139.180.180:443)
TCP (HTTP SSL): Connects to ir1.fp.vip.bf1.yahoo.com (98.139.180.149:443)
TCP (HTTP): Connects to a23-61-187-27.deploy.static.akamaitechnologies.com (23.61.187.27:80)
TCP (HTTP SSL): Connects to e2.ycpi.vip.bra.yahoo.com (200.152.162.161:443)
TCP (HTTP SSL): Connects to e1.ycpi.vip.bra.yahoo.com (200.152.162.135:443)