SHA256: 4c1096f2855ca7e6a043b312ea80921d3ce445630697eb4f4850ae842424a602
File name: services.exe
Detection ratio: 42 / 56
Analysis date: 2015-07-01 17:20:58 UTC ( 5 days, 15 hours ago )
Antivirus Result Update
ALYac Trojan.Patched.Sirefef.C 20150701
AVG Patched_c.LYU 20150701
AVware Trojan.Win32.Generic!BT 20150701
Ad-Aware Trojan.Patched.Sirefef.C 20150701
AhnLab-V3 Win32/Zeroaccess.259072 20150701
Arcabit Trojan.Patched.Sirefef.C 20150630
Avast Win32:Sirefef-AII [Rtk] 20150701
Avira W32/Patched.UB 20150701
Baidu-International Trojan.Win32.Zeroaccess.42 20150701
BitDefender Trojan.Patched.Sirefef.C 20150701
CAT-QuickHeal W32.ZAccess.M4 20150701
ClamAV Trojan.Zeroaccess-473 20150701
Comodo UnclassifiedMalware 20150701
Cyren W32/Backdoor.EEKY-4949 20150701
DrWeb BackDoor.Maxplus.5220 20150701
ESET-NOD32 Win32/Sirefef.FC 20150701
Emsisoft Trojan.Patched.Sirefef.C (B) 20150701
F-Prot W32/Backdoor2.HKZP 20150701
F-Secure Virus:W32/ZeroAccess.B 20150701
Fortinet W32/ZAccInf.B!tr 20150701
GData Trojan.Patched.Sirefef.C 20150701
Ikarus Virus.Win32.ZAccess 20150701
K7AntiVirus Trojan ( 003b22a81 ) 20150701
K7GW Trojan ( 003b22a81 ) 20150701
Kaspersky Virus.Win32.ZAccess.m 20150701
McAfee ZeroAccess.ds.gen.c 20150701
McAfee-GW-Edition ZeroAccess.ds.gen.c 20150701
MicroWorld-eScan Trojan.Patched.Sirefef.C 20150701
Microsoft Virus:Win32/Sirefef.R 20150701
NANO-Antivirus Trojan.Win32.ZAccess.bfjnax 20150701
Panda W32/SirefefP 20150701
Qihoo-360 Trojan.Generic 20150701
Sophos Troj/ZAccInf-B 20150701
Symantec Trojan.Zeroaccess!inf4 20150701
Tencent Win32.Virus.Zaccess.Lipu 20150701
TheHacker Trojan/Sirefef.fc 20150701
TotalDefense Win32/ZAccess.ES 20150701
TrendMicro Mal_Siref32 20150701
TrendMicro-HouseCall Mal_Siref32 20150701
VIPRE Trojan.Win32.Generic!BT 20150701
ViRobot Win32.ZeroAccess.A[h] 20150701
Zoner Trojan.Sirefef.FC 20150701
AegisLab 20150701
Agnitum 20150630
Alibaba 20150630
Antiy-AVL 20150701
Bkav 20150701
ByteHero 20150701
Jiangmin 20150630
Kingsoft 20150701
Malwarebytes 20150701
Rising 20150701
SUPERAntiSpyware 20150701
VBA32 20150701
Zillya 20150701
nProtect 20150701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright © Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name services.exe.mui
Internal name services.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Services and Controller app
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-07-13 23:11:23
Link date 12:11 AM 7/14/2009
Entry Point 0x0001388A
Number of sections 4
PE sections
PE imports
SetUnhandledExceptionFilter
GetLastError
SetErrorMode
UnhandledExceptionFilter
SetLastError
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
SetFileInformationByHandle
DuplicateHandle
CloseHandle
HeapCreate
HeapAlloc
HeapFree
HeapSetInformation
InterlockedExchange
InterlockedCompareExchange64
InterlockedCompareExchange
GetModuleHandleA
FreeLibrary
LoadStringW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
RegGetKeySecurity
RegLoadMUIStringW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegSetKeySecurity
RegNotifyChangeKeyValue
RegQueryValueExW
LocalFree
LocalAlloc
Sleep
lstrlenW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetProcessId
OpenThreadToken
DeleteProcThreadAttributeList
GetCurrentProcess
TerminateProcess
ResumeThread
OpenProcessToken
CreateThread
SetThreadPriority
GetCurrentProcessId
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetProcessTimes
SetProcessShutdownParameters
ExitThread
GetCurrentThreadId
CreateProcessAsUserW
GetCurrentThread
QueryPerformanceCounter
WaitForMultipleObjectsEx
EnterCriticalSection
CreateEventW
InitializeCriticalSection
OpenProcess
OpenEventW
WaitForSingleObject
SetEvent
ResetEvent
LeaveCriticalSection
GetSystemTime
GetTickCount
GetComputerNameExW
GetSystemTimeAsFileTime
GetVersionExW
SetSecurityDescriptorDacl
GetTokenInformation
RevertToSelf
SetKernelObjectSecurity
FreeSid
CopySid
GetKernelObjectSecurity
GetSecurityDescriptorDacl
AddAccessAllowedAce
SetTokenInformation
CheckTokenMembership
AdjustTokenPrivileges
InitializeAcl
EqualSid
AllocateAndInitializeSid
GetLengthSid
ImpersonateLoggedOnUser
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
AddAce
AllocateLocallyUniqueId
LsaLookupOpenLocalPolicy
LsaLookupClose
LsaLookupGetDomainInfo
LsaLookupTranslateSids
LsaLookupFreeMemory
LsaLookupTranslateNames
LsaLookupManageSidNameMapping
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SystemFunction005
SystemFunction029
UuidFromStringW
RpcRevertToSelf
RpcServerSubscribeForNotification
RpcStringBindingParseW
RpcSsGetContextBinding
RpcBindingToStringBindingW
RpcImpersonateClient
RpcServerRegisterAuthInfoW
RpcAsyncAbortCall
RpcEpRegisterW
I_RpcMapWin32Status
RpcBindingFree
RpcServerInqBindings
I_RpcSessionStrictContextHandle
UuidEqual
RpcStringFreeW
RpcServerUnsubscribeForNotification
NdrServerCall2
I_RpcBindingIsClientLocal
RpcServerInqBindingHandle
RpcServerUseProtseqEpW
RpcBindingServerFromClient
UuidCreateNil
RpcServerInqDefaultPrincNameW
RpcServerUseProtseqW
RpcAsyncCompleteCall
RpcServerInqCallAttributesW
RpcServerRegisterIfEx
NdrAsyncServerCall
RpcServerInqCallAttributesA
I_RpcBindingInqLocalClientPID
UuidCreate
RpcBindingVectorFree
LogonUserExExW
_ultow_s
__p__fmode
wcstoul
memset
wcschr
_wcslwr
_ultow
_vsnwprintf
_cexit
?terminate@@YAXXZ
_ltow_s
memcpy
_wtol
exit
_XcptFilter
__setusermatherr
wcsrchr
_amsg_exit
_wcsicmp
_wcsnicmp
__p__commode
wcscspn
wcsncmp
__getmainargs
_controlfp
memmove
_except_handler4_common
time
wcsstr
_initterm
_exit
_ltow
__set_app_type
RtlConvertSharedToExclusive
DbgPrintEx
RtlUnicodeStringToInteger
RtlAppendUnicodeStringToString
RtlDeleteSecurityObject
RtlCreateSecurityDescriptor
NtQuerySymbolicLinkObject
RtlSetGroupSecurityDescriptor
NtOpenThreadToken
RtlInitializeCriticalSection
RtlValidSecurityDescriptor
NtOpenSymbolicLinkObject
RtlLengthRequiredSid
RtlConvertExclusiveToShared
RtlQuerySecurityObject
RtlAllocateHeap
NtDeleteValueKey
NtSetInformationProcess
RtlNtStatusToDosError
NtWaitForSingleObject
NtLoadDriver
RtlFreeUnicodeString
EtwRegisterTraceGuidsW
RtlAppendUnicodeToString
RtlInitializeSid
NtDuplicateToken
RtlLengthSecurityDescriptor
RtlAcquireSRWLockExclusive
RtlSetControlSecurityDescriptor
RtlAreAllAccessesGranted
NtQueryKey
NtSetEvent
NtQueryDirectoryObject
RtlAcquireResourceExclusive
EtwGetTraceEnableFlags
NtQueryValueKey
RtlCreateServiceSid
RtlEqualUnicodeString
NtFlushKey
NtSetSystemEnvironmentValue
RtlUnicodeStringToAnsiString
RtlDeregisterWait
RtlCopySid
RtlInitializeSRWLock
NtQuerySystemInformation
NtSetValueKey
RtlRegisterWait
RtlCreateAcl
EtwEventRegister
RtlSubAuthorityCountSid
NtQueryInformationFile
RtlSetDaclSecurityDescriptor
NtOpenThread
NtEnumerateKey
NtFilterToken
RtlAddAce
RtlInitUnicodeString
RtlSubAuthoritySid
NtSetInformationFile
NtCreateKey
EtwGetTraceEnableLevel
RtlAcquireResourceShared
RtlSetEnvironmentVariable
RtlSetProcessIsCritical
EtwTraceMessage
NtQueueApcThread
RtlUnhandledExceptionFilter
NtDeleteFile
RtlAnsiStringToUnicodeString
NtPrivilegeCheck
RtlNtStatusToDosErrorNoTeb
RtlExpandEnvironmentStrings_U
RtlMapGenericMask
NtTraceControl
NtInitializeRegistry
RtlDosPathNameToNtPathName_U
RtlLengthSid
RtlGetNtProductType
RtlInitAnsiString
NtOpenProcessToken
WinSqmAddToStream
RtlCopyLuid
RtlNewSecurityObject
NtShutdownSystem
RtlInitializeResource
NtAccessCheck
RtlValidRelativeSecurityDescriptor
NtClose
NtQueryInformationToken
RtlCopyUnicodeString
NtSetInformationThread
NtPrivilegeObjectAuditAlarm
NtOpenDirectoryObject
NtAccessCheckAndAuditAlarm
NtUnloadDriver
RtlSetSecurityObject
RtlSetSaclSecurityDescriptor
EvtIntReportEventAndSourceAsync
NtDeleteObjectAuditAlarm
RtlQueueWorkItem
RtlAcquireSRWLockShared
NtCloseObjectAuditAlarm
RtlAdjustPrivilege
NtOpenFile
EtwGetTraceLoggerHandle
NtQueryDirectoryFile
NtDeleteKey
RtlFreeHeap
RtlSetLastWin32Error
EtwEventWrite
RtlCompareUnicodeString
RtlReleaseSRWLockShared
NtOpenKey
RtlReleaseSRWLockExclusive
RtlReleaseResource
NtAdjustPrivilegesToken
RtlSetOwnerSecurityDescriptor
Ord(101)
Ord(106)
Ord(105)
Ord(102)
Number of PE resources by type
RT_MANIFEST 1
WEVT_TEMPLATE 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
ExifTool file metadata
SubsystemVersion 6.1
LinkerVersion 9.0
ImageVersion 6.1
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 38400
EntryPoint 0x1388a
OriginalFileName services.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2009:07:14 00:11:23+01:00
FileType Win32 EXE
PEType PE32
InternalName services.exe
ProductVersion 6.1.7600.16385
FileDescription Services and Controller app
OSVersion 6.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 218624
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 a302bbff2a7278c0e239ee5d471d86a9
SHA1 982337db5b7b58a090156fad6f305397787ffd67
SHA256 4c1096f2855ca7e6a043b312ea80921d3ce445630697eb4f4850ae842424a602
ssdeep 6144:5lMlQV2agWccMdwo6vQHLS0iVtq/3PmRJC:5l9VIC2wX4+0iV43+
authentihash d2cfe944f386c02382e3b921e4b5d950632e1bcc9679d595c89967d59de68a39
imphash 7554e509802ea52a1d02bbb4506cae72
File size 253.0 KB ( 259072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2012-05-31 20:33:36 UTC ( 3 years, 1 month ago )
Last submission 2015-06-11 13:43:41 UTC ( 3 weeks, 4 days ago )
File names services.exe1
servicesbkp.exe
$$DeleteMe.services.exe.01cd76cb81848bf8.0000
services.noexe
services.exevr
vti-rescan
services.exe.vir
service1s.exe
services.exe$
services.e11
services_virus.exe
_services.exe
services.exe.mui
services.dll
services-b.exe
tsk0000.dta
004239219
services.exe
xxx.exexx
services.exe.000
services.exe.rootkit
services.exe
$$DeleteMe.services.exe.01cd6520fd4c6461.0000
services.exe.org
SERVICES.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight