ookyou.exe

server 应用程序

The executable ookyou.exe, “server Microsoft 基础类应用程序”, has been detected as malware by 14 anti-virus scanners. It runs as a separate Windows service (within the context of its own process) named “Gryptographic Services”, a one-letter variation of the legitimate Windows “Cryptographic Services” display name.
Product:
server 应用程序

Description:
server Microsoft 基础类应用程序

Version:
1, 0, 0, 1

MD5:
424ea5cbd93d98f573ad30cb9b25e254

SHA-1:
3ddb4fa66fb0ca449af14394cffb9c79a9a5f560

SHA-256:
d3693198b0fb0b6b171bcc2a0cb9a535d2b760196f573378aa46749ca8844afd

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
4/25/2024 2:46:59 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Virtob.Gen.12 | 5691347
avast! | Win32:Vitro | 160201-0
Clam AntiVirus | Trojan.MicroFake-1 | 0.98/21331
Dr.Web | Win32.Virut.56 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Virtob.Gen.12 | 10.0.0.5366
ESET NOD32 | Win32/Virut.NBP virus | 7.0.302.0
F-Prot | W32/MalwareF.YMPW | 4.6.5.141
F-Secure | Win32.Virtob.Gen.12 | 5.15.21
Kaspersky | Virus.Win32.Virut | 15.0.0.562
McAfee | Trojan.GenericR-FRI!9F99565FB777 | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.213.5053.0
Norman | Win32.Virtob.Gen.12 | 11.01.2016 17:30:26
Sophos | Virus 'Mal/Nitol-C' | 5.22
VIPRE Antivirus | Threat.4120919 | 46244

File size:
65.5 KB (67,072 bytes)

Product version:
1, 0, 0, 1

Copyright:
版权所有 (C) 2010

Original file name:
server.EXE

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\Windows\System32\ookyou.exe

File PE Metadata
Compilation timestamp:
1/16/2008 6:10:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:MJ2fihetzvcGpimy3cDyzzmgQ+9+H4NTIRrBN3upo/:MJ60etIayzz9Q6M4N0ZBN3t

Entry address:
0x37EF

Entry point:
55, 8B, EC, 6A, FF, 68, 98, 64, 40, 00, 68, C0, 37, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 18, 62, 40, 00, 59, 83, 0D, C0, 93, 40, 00, FF, 83, 0D, C4, 93, 40, 00, FF, FF, 15, 1C, 62, 40, 00, 8B, 0D, 90, 93, 40, 00, 89, 08, FF, 15, 20, 62, 40, 00, 8B, 0D, 8C, 93, 40, 00, 89, 08, A1, 24, 62, 40, 00, 8B, 00, A3, BC, 93, 40, 00, E8, 17, 01, 00, 00, 39, 1D, 20, 86, 40, 00, 75, 0C, 68, 72, 39, 40, 00, FF, 15, 28, 62...

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
20 KB (20,480 bytes)

Service
Display name:
Gryptographic Services

Description:
此计算机添加和删除受信任根证书颁发机构的证书；和密钥(Key)服务 (GBK text mis-decoded on the original page; roughly “adds and removes certificates of trusted root certification authorities on this computer; and Key service”, a fragment of the description used by the legitimate Windows Cryptographic Services)

Type:
Win32OwnProcess


Report powered by Reason Core Security