home

template_x86_windows_svc.exe

Rapid7 LLC

The executable template_x86_windows_svc.exe has been detected as malware by 16 anti-virus scanners.
Publisher:
Rapid7 LLC  (signed and verified)

MD5:
edeceecf19bc3a62a0f69b1aa8b50241

SHA-1:
375d260363d7a08c1b6e2e23b0a4f3c00403215a

SHA-256:
8d1dc050dd671c40da71971bb0b2834cf1d2d579dfaf2349edf4b7e6d98b7e11

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
1/1/2025 10:26:40 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Symmi.9334
378

Agnitum Outpost
Trojan.Inject
7.1.1

Arcabit
Trojan.Symmi.D2476
1.0.0.589

Baidu Antivirus
Trojan.Win32.Inject
4.0.3.16123

Bitdefender
Gen:Variant.Symmi.9334
1.0.20.115

Dr.Web
Trojan.Inject.44905
9.0.1.023

Emsisoft Anti-Malware
Gen:Variant.Symmi.9334
8.16.01.23.02

ESET NOD32
Win32/Inject.NIQ (variant)
10.12514

F-Secure
Gen:Variant.Symmi.9334
11.2016-23-01_7

G Data
Gen:Variant.Symmi.9334
16.1.25

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.212.17751

MicroWorld eScan
Gen:Variant.Symmi.9334
17.0.0.69

NANO AntiVirus
Trojan.Win32.Inject.crjqdm
0.30.26.4437

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.16121

Zillya! Antivirus
Trojan.Agent.Win32.224652
2.0.0.2493

File size:
14.3 KB (14,656 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\niet\apps\pro\data\exe_templates\pro\template_x86_windows_svc.exe

Digital Signature
Signed by:
Rapid7 LLC

Authority:
GoDaddy.com, Inc.

Valid from:
11/29/2010 7:44:15 PM

Valid to:
11/29/2011 7:44:15 PM

Subject:
CN=Rapid7 LLC, OU=Metasploit, O=Rapid7 LLC, L=Boston, S=MA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B323EEBBACEDD

File PE Metadata
Compilation timestamp:
11/30/2010 6:40:56 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
96:SyRkP0EMoIlXxaY+4sLDmBVNZ5xmFDxCkFWBqb60tD:SyRU0EMomXxhseHD5JkFWBnU

Entry address:
0x12E0

Entry point:
55, 8B, EC, 83, EC, 14, A1, 1C, 30, 40, 00, 89, 45, F0, C7, 45, F4, 90, 10, 40, 00, C7, 45, F8, 00, 00, 00, 00, C7, 45, FC, 00, 00, 00, 00, 6A, 00, E8, 06, FF, FF, FF, 83, C4, 04, 89, 45, EC, 83, 7D, EC, 00, 75, 04, 33, C0, EB, 29, 8B, 4D, EC, 89, 0D, 1C, 30, 40, 00, 8B, 15, 1C, 30, 40, 00, 81, C2, 00, 20, 00, 00, 89, 55, F0, 8D, 45, F0, 50, FF, 15, 04, 20, 40, 00, EB, 05, B8, 01, 00, 00, 00, 8B, E5, 5D, C2, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
1024 Bytes (1,024 bytes)

Remove template_x86_windows_svc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.