services.exe

Microsoft VM

Wave Corporate Sistemas LTDA

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘win’.
Publisher:
Microsoft Corporation (signed by Wave Corporate Sistemas LTDA)

Product:
Microsoft VM

Description:
Microsoft Corporation

Version:
4.00.0061

MD5:
47711341cc7059aa79d1145369a0d037

SHA-1:
e79410c2bf8e9f5816310c233be824aaeec663a7

SHA-256:
7c8d1e148e69e314ba22536ffa2dfa971bc7f14b21ca7b7b86be97194e23b354

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/16/2024 12:00:21 AM UTC

File size:
5.9 MB (6,211,776 bytes)

Product version:
4.00.0061

Copyright:
Microsoft Copyright 2011

Trademarks:
Microsoft Corporation Inc.

Original file name:
services.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\services.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/6/2013 12:00:00 AM

Valid to:
3/31/2014 12:59:59 AM

Subject:
CN=Wave Corporate Sistemas LTDA, OU=Register, O=Wave Corporate Sistemas LTDA, STREET="Rua Waltrudes Correa, 297", L=São Paulo, S=São Paulo/Pq. São Domingos, PostalCode=05122-070, C=BR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3E5EB6C1AF61814663D09161FDAE8291

File PE Metadata
Compilation timestamp:
9/10/2013 2:03:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:FG45J456iohq5+X7Dgiohq5+X7DnxzqFCXIEzSL3cSZE4572Tqup2a4579g4CPMO:FFi3+Xwi3+X3Vq4YEza1y4CPMMlF

Entry address:
0x68A4

Entry point:
68, 3C, 71, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 58, 00, 00, 00, 40, 00, 00, 00, 5A, 91, 71, D2, 71, 06, 43, 40, A8, 79, 46, 11, DF, EF, 80, E5, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 69, 74, 0D, 0A, 0D, 0A, 57, 61, 76, 65, 69, 42, 6C, 6F, 63, 6B, 65, 72, 00, 76, 69, 63, 4D, 69, 63, 72, 6F, 73, 6F, 66, 74, 20, 46, 72, 61, 6D, 65, 77, 6F, 72, 6B, 00, 72, 69, 62, 75, 00, 00, 00, 00, 01, 00, 06, 00, 28, 39, 41, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
5.9 MB (6,193,152 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
win

Command:
C:\windows\services.exe


Scan services.exe - Powered by Reason Core Security