services.exe

The executable services.exe has been detected as malware by 36 anti-virus scanners. While running, it connects to the Internet address unknown.prolexic.com on port 80 using the HTTP protocol.
MD5:
3bc2f16da3ef43c5854c3eff746c49bf

SHA-1:
0653367782aa31c6cac3e30ec02c3bd5f9d70b48

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
5/22/2024 1:03:31 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Backdoor.Generic.761756 | 327
Agnitum Outpost | I-Worm.Brontok.EP | 7.1.1
Avira AntiVirus | Worm/Brontok.A.2.B | 7.11.121.78
avast! | Win32:Brontok-CE [Wrm] | 2014.9-160313
AVG | I-Worm/Brontok.X | 2017.0.2805
Baidu Antivirus | Worm.Win32.Brontok | 4.0.3.16313
Bitdefender | Backdoor.Generic.761756 | 1.0.20.365
Bkav FE | W32.BrontokQ | 1.3.0.4613
Clam AntiVirus | Worm.Brontok.AI | 0.98/18355
Comodo Security | Worm.Win32.Brontok.EJ | 17479
Dr.Web | BackDoor.Generic.1138 | 9.0.1.073
Emsisoft Anti-Malware | Backdoor.Generic.761756 | 8.16.03.13.09
ESET NOD32 | Win32/Brontok.EJ | 10.9190
F-Prot | W32/Brontok.DQ@mm | v6.4.7.1.166
F-Secure | Backdoor.Generic.761756 | 11.2016-13-03_1
G Data | Backdoor.Generic.761756 | 16.3.22
IKARUS anti.virus | Email-Worm.Win32.Brontok | t3scan.2.2.29
K7 AntiVirus | EmailWorm | 13.174.10588
Kaspersky | Email-Worm.Win32.Brontok | 14.0.0.521
Malwarebytes | Trojan.Dropper | v2016.03.13.09
McAfee | W32/Rontokbro.gen@MM | 5600.6461
Microsoft Security Essentials | Worm:Win32/Brontok.BI@mm | 1.165.247.01
MicroWorld eScan | Backdoor.Generic.761756 | 17.0.0.219
NANO AntiVirus | Trojan.Win32.Brontok.ppbk | 0.28.0.57029
Norman | Rontokbro | 11.20160313
Panda Antivirus | W32/Brontok.GS.worm | 16.03.13.09
Quick Heal | W32.Brontok.Q | 3.16.12.00
Rising Antivirus | PE:Malware.FakeFolder@CV!1.6AA9 | 23.00.65.16311
Sophos | W32/Brontok-N | 4.96
SUPERAntiSpyware | Trojan.Agent/Gen-SV | 9267
Total Defense | Win32/Robknot.DJ | 37.0.10653
Trend Micro House Call | WORM_RONTKBR.GEN | 7.2.73
Trend Micro | WORM_RONTKBR.GEN | 10.465.13
Vba32 AntiVirus | OScope.Trojan.VB.01849 | 3.12.24.3
VIPRE Antivirus | Email-Worm.Win32.Brontok.ik | 24608
ViRobot | I-Worm.Win32.A.Brontok.45378 | 2011.4.7.4223

File size:
44.3 KB (45,378 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\services.exe

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
768:abk/Jm3HmOwy5elWMSthN+H2QCM8QI6JbETCs1v35BMCW:ocJm3/wLlWtaWozIYwGU56

Entry address:
0x30F29

Entry point:
E9, 26, F2, FC, FF, 0C, 60, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0F, 03, 00, 0C, 60, 02, 00...
 
Packer / compiler:
RLPack FullEdition V1.1X

Code size:
512 Bytes (512 bytes)

Safe Boot Alternate Shell
Name:
cmd-bro-pmx.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to unknown.prolexic.com  (72.52.4.121:80)
