Download
Community
knowledgeBase
» services.exe
Overview
Analysis
File Details
Behaviors (1)
Network (1)
services.exe
The executable services.exe has been detected as malware by 36 anti-virus scanners. While running, it connects to the Internet address unknown.prolexic.com on port 80 using the HTTP protocol.
File name:
services.exe
MD5:
3bc2f16da3ef43c5854c3eff746c49bf
SHA-1:
0653367782aa31c6cac3e30ec02c3bd5f9d70b48
Analysis
Scanner detections:
36 / 68
Status:
Malware
Analysis date:
5/22/2024 1:03:31 AM UTC
(today)
Scan engine
Detection
Engine version
Lavasoft Ad-Aware
Backdoor.Generic.761756
327
Agnitum Outpost
I-Worm.Brontok.EP
7.1.1
Avira AntiVirus
Worm/Brontok.A.2.B
7.11.121.78
avast!
Win32:Brontok-CE [Wrm]
2014.9-160313
AVG
I-Worm/Brontok.X
2017.0.2805
Baidu Antivirus
Worm.Win32.Brontok
4.0.3.16313
Bitdefender
Backdoor.Generic.761756
1.0.20.365
Bkav FE
W32.BrontokQ
1.3.0.4613
Clam AntiVirus
Worm.Brontok.AI
0.98/18355
Comodo Security
Worm.Win32.Brontok.EJ
17479
Dr.Web
BackDoor.Generic.1138
9.0.1.073
Emsisoft Anti-Malware
Backdoor.Generic.761756
8.16.03.13.09
ESET NOD32
Win32/Brontok.EJ
10.9190
F-Prot
W32/Brontok.DQ@mm
v6.4.7.1.166
F-Secure
Backdoor.Generic.761756
11.2016-13-03_1
G Data
Backdoor.Generic.761756
16.3.22
IKARUS anti.virus
Email-Worm.Win32.Brontok
t3scan.2.2.29
K7 AntiVirus
EmailWorm
13.174.10588
Kaspersky
Email-Worm.Win32.Brontok
14.0.0.521
Malwarebytes
Trojan.Dropper
v2016.03.13.09
McAfee
W32/Rontokbro.gen@MM
5600.6461
Microsoft Security Essentials
Worm:Win32/Brontok.BI@mm
1.165.247.01
MicroWorld eScan
Backdoor.Generic.761756
17.0.0.219
NANO AntiVirus
Trojan.Win32.Brontok.ppbk
0.28.0.57029
Norman
Rontokbro
11.20160313
Panda Antivirus
W32/Brontok.GS.worm
16.03.13.09
Quick Heal
W32.Brontok.Q
3.16.12.00
Rising Antivirus
PE:Malware.FakeFolder@CV!1.6AA9
23.00.65.16311
Sophos
W32/Brontok-N
4.96
SUPERAntiSpyware
Trojan.Agent/Gen-SV
9267
Total Defense
Win32/Robknot.DJ
37.0.10653
Trend Micro House Call
WORM_RONTKBR.GEN
7.2.73
Trend Micro
WORM_RONTKBR.GEN
10.465.13
Vba32 AntiVirus
OScope.Trojan.VB.01849
3.12.24.3
VIPRE Antivirus
Email-Worm.Win32.Brontok.ik
24608
ViRobot
I-Worm.Win32.A.Brontok.45378
2011.4.7.4223
File Details
File size:
44.3 KB (45,378 bytes)
File type:
Executable application (Win32 EXE)
Common path:
C:\Documents and Settings\{user}\Application data\services.exe
File PE Metadata
OS version:
4.0
OS bitness:
Win32
Subsystem:
Windows GUI
Linker version:
5.12
CTPH (ssdeep):
768:abk/Jm3HmOwy5elWMSthN+H2QCM8QI6JbETCs1v35BMCW:ocJm3/wLlWtaWozIYwGU56
Entry address:
0x30F29
Entry point:
E9, 26, F2, FC, FF, 0C, 60, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0F, 03, 00, 0C, 60, 02, 00...
[+]
Packer / compiler:
RLPack FullEdition V1.1X
Code size:
512 Bytes (512 bytes)
Behaviors
Safe Boot Alternate Shell
Name:
cmd-bro-pmx.exe
Network Communications
The executing file has been seen to make the following network communication in live environments.
TCP (HTTP):
Connects to
unknown.prolexic.com
 (72.52.4.121:80)
Remove services.exe
- Powered by Reason Core Security
X