services.exe

win32

The executable services.exe has been detected as malware by 3 anti-virus scanners. While running, it connects to the Internet address msnbot-157-55-109-224.search.msn.com on port 443.
Publisher:
Microsoft*  (Invalid match)

Product:
win32

Version:
1.0.0.0

MD5:
04a876b5bd11e849bbf978e45fc115d9

SHA-1:
c7283d9b68069df1ce46ee83cde074a703cb2fb4

SHA-256:
bf369a00c3510f8f44f2cfd34b6ec419a7a2adbe430865b96135a5e3670c09d1

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
4/19/2024 3:14:02 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Downloader-SQO [Trj]
2014.9-131223

G Data
Win32.Trojan.Agent.RMM6WV
13.12.22

Kaspersky
HEUR:Worm.Win32.Generic
14.0.0.4575

File size:
228.5 KB (233,984 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (C) 2013

Original file name:
services.exe

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\services.exe

File PE Metadata
Compilation timestamp:
1/16/2013 11:20:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:4QxY1YZLoV9XcU2geKbcXcS7KtihVpVJXys06JHVf3zKOAVQOTZJ:4cYuW5cUwlEiFXR06X3laQE

Entry address:
0x1499C

Code size:
174 KB (178,176 bytes)

User Start Menu Item
Name:
services.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a-0001.a-msedge.net  (204.79.197.200:80)

TCP (HTTP SSL):
Connects to bn2b-cor003.api.p001.1drv.com  (131.253.14.230:443)

TCP (HTTP SSL):
Connects to msnbot-157-55-109-232.search.msn.com  (157.55.109.232:443)

TCP (HTTP SSL):
Connects to msnbot-157-55-109-230.search.msn.com  (157.55.109.230:443)

TCP (HTTP SSL):
Connects to msnbot-157-55-109-228.search.msn.com  (157.55.109.228:443)

TCP (HTTP SSL):
Connects to msnbot-157-55-109-224.search.msn.com  (157.55.109.224:443)

TCP (HTTP SSL):
Connects to i-sn2-cor002.api.p001.1drv.com  (40.77.225.248:443)

TCP (HTTP SSL):
Connects to bn3p-cor001.api.p001.1drv.com  (104.44.88.103:443)

TCP (HTTP SSL):
Connects to bn2b-cor004.api.p001.1drv.com  (131.253.14.229:443)
