SHA256: 4c1096f2855ca7e6a043b312ea80921d3ce445630697eb4f4850ae842424a602
File name: services.exe
Detection ratio: 41 / 57
Analysis date: 2015-05-14 17:35:59 UTC ( 2 weeks ago )
Antivirus Result Update
ALYac Trojan.Patched.Sirefef.C 20150514
AVG Patched_c.LYU 20150514
AVware Trojan.Win32.Generic!BT 20150514
Ad-Aware Trojan.Patched.Sirefef.C 20150514
AhnLab-V3 Win32/Zeroaccess.259072 20150514
Avast Win32:Sirefef-AII [Rtk] 20150514
Avira W32/Patched.UB 20150514
Baidu-International Trojan.Win32.Zeroaccess.42 20150513
BitDefender Trojan.Patched.Sirefef.C 20150514
CAT-QuickHeal W32.ZAccess.M4 20150514
ClamAV Trojan.Zeroaccess-473 20150514
Comodo UnclassifiedMalware 20150514
Cyren W32/Backdoor.EEKY-4949 20150514
DrWeb BackDoor.Maxplus.5220 20150514
ESET-NOD32 Win32/Sirefef.FC 20150514
Emsisoft Trojan.Patched.Sirefef.C (B) 20150514
F-Prot W32/Backdoor2.HKZP 20150514
F-Secure Virus:W32/ZeroAccess.B 20150514
Fortinet W32/ZAccInf.B!tr 20150514
GData Trojan.Patched.Sirefef.C 20150514
Ikarus Virus.Win32.ZAccess 20150514
K7AntiVirus Trojan ( 003b22a81 ) 20150514
K7GW Trojan ( 003b22a81 ) 20150514
Kaspersky Virus.Win32.ZAccess.m 20150514
McAfee ZeroAccess.ds.gen.c 20150514
McAfee-GW-Edition ZeroAccess.ds.gen.c 20150514
MicroWorld-eScan Trojan.Patched.Sirefef.C 20150514
Microsoft Virus:Win32/Sirefef.R 20150514
NANO-Antivirus Trojan.Win32.ZAccess.bfjnax 20150514
Norman ZAccInf.A 20150514
Panda W32/SirefefP 20150514
Qihoo-360 Trojan.Generic 20150514
Sophos Troj/ZAccInf-B 20150514
Symantec Trojan.Zeroaccess!inf4 20150514
Tencent Win32.Virus.Zaccess.Lipu 20150514
TheHacker Trojan/Sirefef.fc 20150514
TotalDefense Win32/ZAccess.ES 20150514
TrendMicro Mal_Siref32 20150514
TrendMicro-HouseCall Mal_Siref32 20150514
VIPRE Trojan.Win32.Generic!BT 20150514
ViRobot Win32.ZeroAccess.A[h] 20150514
AegisLab 20150514
Agnitum 20150514
Alibaba 20150514
Antiy-AVL 20150514
Bkav 20150514
ByteHero 20150514
CMC 20150513
Jiangmin 20150513
Kingsoft 20150514
Malwarebytes 20150514
Rising 20150514
SUPERAntiSpyware 20150514
VBA32 20150514
Zillya 20150514
Zoner 20150513
nProtect 20150514
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright © Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name services.exe.mui
Internal name services.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Services and Controller app
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-07-13 23:11:23
Link date 12:11 AM 7/14/2009
Entry Point 0x0001388A
Number of sections 4
PE sections
PE imports
SetUnhandledExceptionFilter
GetLastError
SetErrorMode
UnhandledExceptionFilter
SetLastError
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
SetFileInformationByHandle
DuplicateHandle
CloseHandle
HeapCreate
HeapAlloc
HeapFree
HeapSetInformation
InterlockedExchange
InterlockedCompareExchange64
InterlockedCompareExchange
GetModuleHandleA
FreeLibrary
LoadStringW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
RegGetKeySecurity
RegLoadMUIStringW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegSetKeySecurity
RegNotifyChangeKeyValue
RegQueryValueExW
LocalFree
LocalAlloc
Sleep
lstrlenW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetProcessId
OpenThreadToken
DeleteProcThreadAttributeList
GetCurrentProcess
TerminateProcess
ResumeThread
OpenProcessToken
CreateThread
SetThreadPriority
GetCurrentProcessId
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetProcessTimes
SetProcessShutdownParameters
ExitThread
GetCurrentThreadId
CreateProcessAsUserW
GetCurrentThread
QueryPerformanceCounter
WaitForMultipleObjectsEx
EnterCriticalSection
CreateEventW
InitializeCriticalSection
OpenProcess
OpenEventW
WaitForSingleObject
SetEvent
ResetEvent
LeaveCriticalSection
GetSystemTime
GetTickCount
GetComputerNameExW
GetSystemTimeAsFileTime
GetVersionExW
SetSecurityDescriptorDacl
GetTokenInformation
RevertToSelf
SetKernelObjectSecurity
FreeSid
CopySid
GetKernelObjectSecurity
GetSecurityDescriptorDacl
AddAccessAllowedAce
SetTokenInformation
CheckTokenMembership
AdjustTokenPrivileges
InitializeAcl
EqualSid
AllocateAndInitializeSid
GetLengthSid
ImpersonateLoggedOnUser
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
AddAce
AllocateLocallyUniqueId
LsaLookupOpenLocalPolicy
LsaLookupClose
LsaLookupGetDomainInfo
LsaLookupTranslateSids
LsaLookupFreeMemory
LsaLookupTranslateNames
LsaLookupManageSidNameMapping
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SystemFunction005
SystemFunction029
UuidFromStringW
RpcRevertToSelf
RpcServerSubscribeForNotification
RpcStringBindingParseW
RpcSsGetContextBinding
RpcBindingToStringBindingW
RpcImpersonateClient
RpcServerRegisterAuthInfoW
RpcAsyncAbortCall
RpcEpRegisterW
I_RpcMapWin32Status
RpcBindingFree
RpcServerInqBindings
I_RpcSessionStrictContextHandle
UuidEqual
RpcStringFreeW
RpcServerUnsubscribeForNotification
NdrServerCall2
I_RpcBindingIsClientLocal
RpcServerInqBindingHandle
RpcServerUseProtseqEpW
RpcBindingServerFromClient
UuidCreateNil
RpcServerInqDefaultPrincNameW
RpcServerUseProtseqW
RpcAsyncCompleteCall
RpcServerInqCallAttributesW
RpcServerRegisterIfEx
NdrAsyncServerCall
RpcServerInqCallAttributesA
I_RpcBindingInqLocalClientPID
UuidCreate
RpcBindingVectorFree
LogonUserExExW
_ultow_s
__p__fmode
wcstoul
memset
wcschr
_wcslwr
_ultow
_vsnwprintf
_cexit
?terminate@@YAXXZ
_ltow_s
memcpy
_wtol
exit
_XcptFilter
__setusermatherr
wcsrchr
_amsg_exit
_wcsicmp
_wcsnicmp
__p__commode
wcscspn
wcsncmp
__getmainargs
_controlfp
memmove
_except_handler4_common
time
wcsstr
_initterm
_exit
_ltow
__set_app_type
RtlConvertSharedToExclusive
DbgPrintEx
RtlUnicodeStringToInteger
RtlAppendUnicodeStringToString
RtlDeleteSecurityObject
RtlCreateSecurityDescriptor
NtQuerySymbolicLinkObject
RtlSetGroupSecurityDescriptor
NtOpenThreadToken
RtlInitializeCriticalSection
RtlValidSecurityDescriptor
NtOpenSymbolicLinkObject
RtlLengthRequiredSid
RtlConvertExclusiveToShared
RtlQuerySecurityObject
RtlAllocateHeap
NtDeleteValueKey
NtSetInformationProcess
RtlNtStatusToDosError
NtWaitForSingleObject
NtLoadDriver
RtlFreeUnicodeString
EtwRegisterTraceGuidsW
RtlAppendUnicodeToString
RtlInitializeSid
NtDuplicateToken
RtlLengthSecurityDescriptor
RtlAcquireSRWLockExclusive
RtlSetControlSecurityDescriptor
RtlAreAllAccessesGranted
NtQueryKey
NtSetEvent
NtQueryDirectoryObject
RtlAcquireResourceExclusive
EtwGetTraceEnableFlags
NtQueryValueKey
RtlCreateServiceSid
RtlEqualUnicodeString
NtFlushKey
NtSetSystemEnvironmentValue
RtlUnicodeStringToAnsiString
RtlDeregisterWait
RtlCopySid
RtlInitializeSRWLock
NtQuerySystemInformation
NtSetValueKey
RtlRegisterWait
RtlCreateAcl
EtwEventRegister
RtlSubAuthorityCountSid
NtQueryInformationFile
RtlSetDaclSecurityDescriptor
NtOpenThread
NtEnumerateKey
NtFilterToken
RtlAddAce
RtlInitUnicodeString
RtlSubAuthoritySid
NtSetInformationFile
NtCreateKey
EtwGetTraceEnableLevel
RtlAcquireResourceShared
RtlSetEnvironmentVariable
RtlSetProcessIsCritical
EtwTraceMessage
NtQueueApcThread
RtlUnhandledExceptionFilter
NtDeleteFile
RtlAnsiStringToUnicodeString
NtPrivilegeCheck
RtlNtStatusToDosErrorNoTeb
RtlExpandEnvironmentStrings_U
RtlMapGenericMask
NtTraceControl
NtInitializeRegistry
RtlDosPathNameToNtPathName_U
RtlLengthSid
RtlGetNtProductType
RtlInitAnsiString
NtOpenProcessToken
WinSqmAddToStream
RtlCopyLuid
RtlNewSecurityObject
NtShutdownSystem
RtlInitializeResource
NtAccessCheck
RtlValidRelativeSecurityDescriptor
NtClose
NtQueryInformationToken
RtlCopyUnicodeString
NtSetInformationThread
NtPrivilegeObjectAuditAlarm
NtOpenDirectoryObject
NtAccessCheckAndAuditAlarm
NtUnloadDriver
RtlSetSecurityObject
RtlSetSaclSecurityDescriptor
EvtIntReportEventAndSourceAsync
NtDeleteObjectAuditAlarm
RtlQueueWorkItem
RtlAcquireSRWLockShared
NtCloseObjectAuditAlarm
RtlAdjustPrivilege
NtOpenFile
EtwGetTraceLoggerHandle
NtQueryDirectoryFile
NtDeleteKey
RtlFreeHeap
RtlSetLastWin32Error
EtwEventWrite
RtlCompareUnicodeString
RtlReleaseSRWLockShared
NtOpenKey
RtlReleaseSRWLockExclusive
RtlReleaseResource
NtAdjustPrivilegesToken
RtlSetOwnerSecurityDescriptor
Ord(101)
Ord(106)
Ord(105)
Ord(102)
Number of PE resources by type
RT_MANIFEST 1
WEVT_TEMPLATE 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
ExifTool file metadata
SubsystemVersion 6.1
LinkerVersion 9.0
ImageVersion 6.1
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 38400
FileOS Windows NT 32-bit
EntryPoint 0x1388a
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2009:07:14 00:11:23+01:00
FileType Win32 EXE
PEType PE32
InternalName services.exe
ProductVersion 6.1.7600.16385
FileDescription Services and Controller app
OSVersion 6.1
OriginalFilename services.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 218624
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 a302bbff2a7278c0e239ee5d471d86a9
SHA1 982337db5b7b58a090156fad6f305397787ffd67
SHA256 4c1096f2855ca7e6a043b312ea80921d3ce445630697eb4f4850ae842424a602
ssdeep 6144:5lMlQV2agWccMdwo6vQHLS0iVtq/3PmRJC:5l9VIC2wX4+0iV43+
authentihash d2cfe944f386c02382e3b921e4b5d950632e1bcc9679d595c89967d59de68a39
imphash 7554e509802ea52a1d02bbb4506cae72
File size 253.0 KB ( 259072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2012-05-31 20:33:36 UTC ( 2 years, 12 months ago )
Last submission 2015-04-29 11:48:32 UTC ( 1 month ago )
File names services.exe1
servicesbkp.exe
$$DeleteMe.services.exe.01cd76cb81848bf8.0000
services.noexe
services.exevr
vti-rescan
services.exe.vir
service1s.exe
services.exe$
services.e11
services_virus.exe
_services.exe
services.exe.mui
services.dll
services-b.exe
tsk0000.dta
services.exe
xxx.exexx
services.exe.000
services.exe.rootkit
services.exe
$$DeleteMe.services.exe.01cd6520fd4c6461.0000
services.exe.org
SERVICES.EXE
Services.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight