service.exe

The application service.exe has been flagged as a potentially unwanted program by 1 of 68 anti-malware scanners (Reason Heuristics, as Adware.Downloader); the vendor's heuristic rates the file as a likely threat despite the single detection. It installs itself as a Windows service with the display name “GoogleChromeUpService”, a name chosen to resemble Google's Chrome updater, yet the binary runs from C:\ProgramData\service.exe rather than from a Google directory under Program Files, and its version resource is in Simplified Chinese. While running it makes plain HTTP connections on port 80, including to customer.sharktech.net.
Version:
1.0.0.12

MD5:
a7bace6d5200de46fa73dee3c5e91618

SHA-1:
5dbef5b39739c6dad85973f5182df0a0208127e6

SHA-256:
e240bc84d64a28b9c072fd6df78357911b7294da128b2ee0f68517b969154f8f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
2/8/2017 3:16:57 PM UTC

Scan engine          Detection                Engine version
Reason Heuristics    Adware.Downloader (M)    17.2.8.10

File size:
1.6 MB (1,722,368 bytes)

Product version:
1.0.0.12

Copyright:
Copyright (C) 2015

Original file name:
service.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\ProgramData\service.exe

File PE Metadata
Compilation timestamp:
11/19/2006 4:40:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x19CBEB

Entry point:
76, 0A, FE, C0, 86, CC, 69, D0, F2, 0F, E0, CA, 68, F5, A8, 70, 00, 84, DE, C7, C2, B5, 8E, 43, 1D, 0F, AF, FF, 84, FD, 8A, F5, 69, E9, 40, A9, F3, 67, 86, FD, 83, E7, 00, 80, DB, 54, 87, EB, 0F, AF, C7, 0A, FF, B5, E2, 0A, C6, 81, C7, A8, 07, 00, 00, 4A, 81, EF, A7, 07, 00, 00, C7, C5, 2F, 15, 2C, B6, BA, A9, D7, 40, 6A, 0F, AF, D1, 84, DA, 81, FD, 41, B0, B5, 3F, 84, DD, 81, FF, 16, 08, 00, 00, 0F, 8C, C1, FF, FF, FF, 84, C0, F2, 3D, A6, 61, 00, 00, 70, 06, 4B, 25, 41, 24, 6A, 5F, E8, 24, 00, 00, 00, 8D...

Entropy:
6.4391

Code size:
1.2 MB (1,247,232 bytes)
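The metadata above carries its own tell: a compilation timestamp of November 2006 paired with linker version 12.0 (Microsoft Visual Studio 2013) is impossible for a genuine build, so the timestamp was written deliberately or the headers were rewritten by a packer. The following is an added example, not code from the page or from Reason Core Security: a standard-library Python triage helper that recovers the fields listed in this section (hashes, entropy, compile time, linker and OS version, subsystem, bitness, entry RVA) from raw bytes and applies that timestamp-versus-linker check. It assumes the page's "Entry address" is the AddressOfEntryPoint RVA, and its sample input is a constructed header-only PE32 carrying the listed values, so the hashes it computes will not match the ones reported for service.exe.

```python
"""Offline PE triage: hashes, Shannon entropy and the header fields a scanner
report lists. Standard library only; pass a file path to run it on a real sample."""
import hashlib
import math
import struct
import sys
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# Earliest release year of the Microsoft linker with a given major version
# (8 = VS 2005, 9 = VS 2008, 10 = VS 2010, 11 = VS 2012, 12 = VS 2013, 14 = VS 2015).
LINKER_YEAR = {6: 1998, 7: 2002, 8: 2005, 9: 2007, 10: 2010, 11: 2012, 12: 2013, 14: 2015}
# SHA-256 the report lists for service.exe, used only for the IOC comparison.
REPORTED_SHA256 = "e240bc84d64a28b9c072fd6df78357911b7294da128b2ee0f68517b969154f8f"


def hashes(data: bytes) -> dict:
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0..8); packed or encrypted payloads sit near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read the COFF header and the PE32/PE32+ optional header fields the report shows."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, _nsect, stamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                            # optional header follows 20-byte COFF header
    magic, linker_major, linker_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # same offset in PE32 and PE32+
    return {
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, hex(magic)),
        "compile_time": datetime.fromtimestamp(stamp, tz=timezone.utc),
        "linker": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "code_size": size_of_code,
    }


def timestamp_forged(meta: dict) -> bool:
    """True when TimeDateStamp predates the first release of the linker that wrote the file."""
    major = int(meta["linker"].split(".")[0])
    floor = LINKER_YEAR.get(major)
    return floor is not None and meta["compile_time"].year < floor


def build_sample_pe() -> bytes:
    """Constructed stand-in: a header-only PE32 carrying the values the report lists.
    It is not the real service.exe, so its hashes will not match the reported ones."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)               # e_lfanew: PE header right after DOS header
    stamp = int(datetime(2006, 11, 19, 4, 40, 37, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 3, stamp, 0, 0, 224, 0x0102)  # i386, 3 sections, EXE
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 12, 0, 1247232)  # PE32, linker 12.0, code size
    struct.pack_into("<I", opt, 16, 0x19CBEB)            # entry RVA (assumed = page's "Entry address")
    struct.pack_into("<HH", opt, 40, 5, 1)               # OS version 5.1
    struct.pack_into("<H", opt, 68, 2)                   # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def triage(data: bytes) -> dict:
    meta = parse_pe(data)
    meta["hashes"] = hashes(data)
    meta["entropy"] = round(entropy(data), 4)
    meta["matches_report"] = meta["hashes"]["sha256"] == REPORTED_SHA256
    meta["timestamp_forged"] = timestamp_forged(meta)
    return meta


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key:16} {value}")
```

On a real sample, compare the computed SHA-256 against the value in this report before trusting the rest of the metadata: the file a host is actually running may be a different build from the one analysed here.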

Service
Display name:
GoogleChromeUpService

Type:
Win32OwnProcess, InteractiveProcess
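A service whose display name borrows a vendor's brand but whose binary lives in C:\ProgramData is the pattern a detection engineer would hunt for across a fleet. The block below is an added example (mine, not the page's or Reason Core Security's) of that logic in Python, run over constructed, log-style records of Windows System event 7045 (service installation) flattened to one line each; the record layout and the sample lines are assumptions for the demonstration, not real telemetry. It flags brand-themed names outside Program Files or the Windows directory, binaries in user-writable paths, and generic file names such as service.exe. For comparison, the legitimate Google updater installs its services as gupdate/gupdatem with the binary under Program Files (x86)\Google\Update, and that record is included so the rule can be seen not firing on it.

```python
"""Flag service installs whose name borrows a vendor brand but whose binary lives
outside that vendor's directory. Input: one event-7045 record per line (format assumed)."""
import re
from dataclasses import dataclass, field

# Constructed sample records (not real log data), modelled on what the report describes.
SAMPLE_LOG = """\
2017-02-08T15:16:57Z 7045 ServiceName="GoogleChromeUpService" ImagePath="C:\\ProgramData\\service.exe"
2017-02-08T15:20:01Z 7045 ServiceName="Google Update Service (gupdate)" ImagePath="C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe /svc"
2017-02-08T15:21:44Z 7045 ServiceName="MyBackupSvc" ImagePath="C:\\Users\\alice\\AppData\\Local\\Backup\\backup.exe"
2017-02-08T15:22:10Z 7045 ServiceName="Windows Update" ImagePath="C:\\Windows\\System32\\svchost.exe -k netsvcs"
"""

BRAND_WORDS = ("google", "chrome", "microsoft", "windows", "adobe", "update")
VENDOR_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "\\temp\\", "\\appdata\\")
GENERIC_NAMES = ("service.exe", "svchost.exe", "update.exe", "setup.exe")

RECORD = re.compile(
    r'^(?P<time>\S+)\s+7045\s+ServiceName="(?P<name>[^"]*)"\s+ImagePath="(?P<path>[^"]*)"'
)


@dataclass
class Finding:
    time: str
    service: str
    image: str
    reasons: list = field(default_factory=list)


def binary_path(image_path: str) -> str:
    """Drop command-line arguments: keep everything up to and including the first '.exe'."""
    m = re.match(r"(.*?\.exe)", image_path, re.IGNORECASE)
    return (m.group(1) if m else image_path).strip().lower()


def assess(service: str, image_path: str) -> list:
    """Return the list of reasons a service install looks like brand impersonation."""
    reasons = []
    name = service.lower()
    path = binary_path(image_path)
    in_vendor_dir = path.startswith(VENDOR_ROOTS)
    if any(word in name for word in BRAND_WORDS) and not in_vendor_dir:
        reasons.append("vendor-branded service name but binary outside Program Files/Windows")
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("binary in a user-writable location")
    base = path.rsplit("\\", 1)[-1]
    if base in GENERIC_NAMES and not path.startswith("c:\\windows\\"):
        reasons.append(f"generic binary name {base!r}")
    return reasons


def triage(log_text: str) -> list:
    """Parse each record and keep only the installs that trip at least one rule."""
    findings = []
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue
        reasons = assess(m["name"], m["path"])
        if reasons:
            findings.append(Finding(m["time"], m["name"], m["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.time} {f.service!r} -> {f.image}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

On a live host the same checks can be run against the output of a service enumeration (binary path and display name) rather than event logs; the page's own evidence, a Chrome-themed name with the binary at C:\ProgramData\service.exe, trips all three rules.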


The executing file has been seen to make the following network communications in live environments. The hostnames shown appear to be reverse-DNS (PTR) names assigned by the hosting providers that own these addresses, not necessarily the names the sample sends in its HTTP Host header; for blocking or hunting, match on the IP address and port rather than on the name.

TCP (HTTP):
Connects to ip-50-63-202-38.ip.secureserver.net  (50.63.202.38:80)

TCP (HTTP):
Connects to cloud.sunserver.in  (162.144.52.241:80)

TCP (HTTP):
Connects to customer.sharktech.net  (104.160.178.242:80)

TCP (HTTP):
Connects to reverse-31-186-8-101.turkticaret.net  (31.186.8.101:80)

Powered by Reason Core Security