services.exe

Services and Controller app

Microsoft

Although the file properties name 'Microsoft Corporation' as the developer, this is not the case: the file is designed to look like a legitimate Microsoft system file. The executable services.exe ("Services and Controller app") has been detected as malware by 28 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key under the display name 'DDXPPXCE'.
Publisher:
Microsoft Corporation  (signed by Microsoft)

Product:
Microsoft® Windows® Operating System

Description:
Services and Controller app

Version:
5.1.2600.5512 (xpsp.080413-2111)

MD5:
36a97d98df62898a49385397dfcb73cf

SHA-1:
d6f916b2fc9f1eed3db8a495092032d10c850369

SHA-256:
46014410ee06ec0887910ed9a705afd4679a4e04073d80b02f5a6b6065b4cb31

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
11/16/2024 6:51:41 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Win32/Autorun.worm.402448.B | 2011.07.05
Avira AntiVirus | Worm/Wofopey.A | 7.11.10.223
avast! | Win32:Rootkit-gen [Rtk] | 2014.9-160618
AVG | Worm/Generic | 2017.0.2708
Bitdefender | Worm.Generic.323438 | 1.0.20.850
Clam AntiVirus | Trojan.Clicker-4021 | 0.98/18011
Comodo Security | Heur.Suspicious | 9286
Dr.Web | Trojan.Click1.26052 | 9.0.1.0170
Emsisoft Anti-Malware | Trojan-Clicker.Win32.Agent!IK | 8.16.06.18.02
ESET NOD32 | Win32/AutoRun.AEZ | 10.6266
Fortinet FortiGate | W32/ClickerAgent.OLP!tr | 6/18/2016
F-Prot | W32/Worm.BLGL | v6.4.6.2.117
F-Secure | Worm.Generic.323438 | 11.2016-18-06_7
G Data | Worm.Generic.323438 | 16.6.22
IKARUS anti.virus | Trojan-Clicker.Win32.Agent | t3scan.1.1.104.0
K7 AntiVirus | Trojan | 13.107.4870
Kaspersky | Worm.Win32.AutoRun | 14.0.0.37
McAfee | Generic.dx!wxl | 5600.6364
Microsoft Security Essentials | Worm:Win32/Wofopey.A | 1.163.1557.0
Norman | W32/Wofopey.A | 11.20160618
nProtect | Trojan-Clicker/W32.Agent.402448 | 11.07.05.03
Panda Antivirus | W32/Autorun.KBE | 16.06.18.02
Rising Antivirus | Trojan.Win32.Generic.12454A2B | 23.00.65.16616
Sophos | Mal/Autorun-AH | 4.67
Trend Micro House Call | WORM_OTORUN.SMJA | 7.2.170
Trend Micro | WORM_OTORUN.SMJA | 10.465.18
Vba32 AntiVirus | Trojan.AutoRun.aez | 3.12.16.4
VIPRE Antivirus | Trojan.Win32.Generic | 9780

File size:
393 KB (402,448 bytes)

Product version:
5.1.2600.5512

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
services.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\ahmad\userdata\services.exe

Digital Signature
Signed by:

Authority:
Microsoft

Valid from:
12/31/1999 11:30:00 AM

Valid to:
12/31/2098 11:30:00 AM

Subject:
CN=Microsoft

Issuer:
CN=Microsoft

Serial number:
3C7D826D713CFF9646BDA02B7E542C7B

File PE Metadata
Compilation timestamp:
8/10/2010 5:32:26 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:aXfxZiLQtdSfcsrPUgYWvHlybzGE1qclbHFrJXOihq90Y7H9Mz/v:aXfzYUgYPfGE1dlrFgX

Entry address:
0x26C2B

Entry point:
E8, 73, 6A, 00, 00, E9, 17, FE, FF, FF, 3B, 0D, A0, 37, 45, 00, 75, 02, F3, C3, E9, F3, 6A, 00, 00, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, 91, 24, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 4B, 13, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 6C, 24, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, AA, 6B, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3, 8B, 44, 24, 04, 85, C0, 74, 12, 83, E8, 08, 81...

Entropy:
6.3201

Code size:
256 KB (262,144 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DDXPPXCE

Command:
C:\users\ahmad\userdata\services.exe

