service.exe

The application service.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. It is set to start automatically when a user logs into Windows via the current-user Run registry key, under the display name ‘service.exe’. According to the detections, it has been classified as a keylogger, which is capable of recording a user's keystrokes.
MD5:
2471b6983a3886bed88fc91449ecd212

SHA-1:
b82c9990847f3ce4ba56c4c8452b6d6d34ab3201

SHA-256:
5925bdab2a3938c83405b62bb54308f61be13088418f575db2f9b354dd6761ff

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 8:42:38 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Generic.741597 | 655 |
| Agnitum Outpost | Riskware.FreeKeylogger | 7.1.1 |
| avast! | Win32:Rootkit-gen [Rtk] | 2014.9-150421 |
| AVG | Logger | 2016.0.3133 |
| Baidu Antivirus | Trojan.Win32.FreeKeylogger | 4.0.3.15421 |
| Bitdefender | Application.Generic.741597 | 1.0.20.555 |
| Comodo Security | UnclassifiedMalware | 21667 |
| Dr.Web | Trojan.KillFiles.22471 | 9.0.1.0111 |
| ESET NOD32 | Win32/KeyLogger.FreeKeylogger (variant) | 9.11431 |
| F-Secure | Application.Generic.741597 | 11.2015-21-04_3 |
| G Data | Application.Generic.741597 | 15.4.25 |
| IKARUS anti.virus | PUA.KeyLogger.Freekeylogger | t3scan.1.8.9.0 |
| McAfee | RDN/Generic PUP.x!clk | 5600.6789 |
| Microsoft Security Essentials | MonitoringTool:Win32/Freekey | 1.1.11502.0 |
| MicroWorld eScan | Application.Generic.741597 | 16.0.0.333 |
| NANO AntiVirus | Trojan.Win32.KeyLogger.devbse | 0.30.8.659 |
| Norman | Freekey.A | 11.20150421 |
| Panda Antivirus | Trj/Genetic.gen | 15.04.21.07 |
| Quick Heal | MonitoringTool.Freekey.r8 (Not a Virus) | 4.15.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.4.21.3 |
| Sophos | Generic PUA LI | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047C0OHM14 | 7.2.111 |
| Trend Micro | TROJ_GEN.R047C0OHM14 | 10.465.21 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39108 |

File size:
927 KB (949,248 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\fk_monitor\service.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:W6TX9OiEhF4ceGKKaJ04VGetO7tnZx4Ksc2pyO7xMDRLCN6gKz+60w6ySURTxkU0:l9OiE3znZFsc2pyRCw+60w6jURTa

Entry address:
0xC7570

Entry point:
55, 8B, EC, 83, C4, F0, 33, C0, 89, 45, F0, B8, 18, 71, 4C, 00, E8, FF, F1, F3, FF, 33, C0, 55, 68, 29, 76, 4C, 00, 64, FF, 30, 64, 89, 20, A1, DC, BF, 4C, 00, 8B, 00, E8, 91, 19, F8, FF, A1, DC, BF, 4C, 00, 8B, 00, 33, D2, E8, 87, 15, F8, FF, 8B, 0D, 04, C1, 4C, 00, A1, DC, BF, 4C, 00, 8B, 00, 8B, 15, 20, EF, 4B, 00, E8, 83, 19, F8, FF, 8B, 0D, 30, C1, 4C, 00, A1, DC, BF, 4C, 00, 8B, 00, 8B, 15, D4, E2, 4B, 00, E8, 6B, 19, F8, FF, 8D, 55, F0, B8, 01, 00, 00, 00, E8, FA, B2, F3, FF, 8B, 45, F0, BA, 40, 76...
 

Entropy:
6.5149

Developed / compiled with:
Microsoft Visual C++

Code size:
794 KB (813,056 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
service.exe

Command:
C:\Program Files\fk_monitor\service.exe

