
Microsoft Executable in Transit Detection

Critical

Synopsis

The remote host may be compromised

Description

This service appears to send a Microsoft Windows executable as soon as a connection to it is established. This may be evidence of malware, some of which is known to propagate in this manner. No file name is associated with the executable: the client created a TCP/IP connection to the host, and the host then sent an executable back to the client. The PVS has determined that this is a Microsoft executable based upon the format of the binary.
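The check described above can be sketched as follows. This is an added example, not PVS's own detection logic: it assumes "the format of the binary" means the DOS `MZ` magic plus the `PE\0\0` signature located via `e_lfanew`, and the function names, the `c2s`/`s2c` direction labels and the sample bytes are constructed for illustration.

```python
import struct

def classify_first_payload(data: bytes) -> str:
    """Classify the first bytes a server sent on a new TCP session.

    "pe"           - DOS header and PE signature both present
    "mz-truncated" - DOS magic present, capture ends before the PE signature
    "not-pe"       - anything else (banners, HTTP responses, ...)
    """
    if data[:2] != b"MZ":
        return "not-pe"
    if len(data) < 0x40:                 # DOS header is 64 bytes long
        return "mz-truncated"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
    if e_lfanew + 4 > len(data):
        return "mz-truncated"
    return "pe" if data[e_lfanew:e_lfanew + 4] == b"PE\0\0" else "not-pe"

def server_spoke_first_with_pe(segments) -> bool:
    """segments: ordered (direction, payload) pairs for one TCP session.

    True only when the server sent a PE image before the client sent any
    application data, i.e. no request or file name preceded the transfer.
    """
    buf = b""
    for direction, payload in segments:
        if not payload:                  # bare ACKs carry no data
            continue
        if direction == "c2s":           # client data ends the window
            break
        buf += payload                   # reassemble server-first bytes
    return classify_first_payload(buf) == "pe"

def constructed_pe_stub() -> bytes:
    """Constructed sample: minimal DOS header pointing at a PE signature."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    return bytes(dos) + b"PE\0\0" + b"\x4c\x01"

if __name__ == "__main__":
    stub = constructed_pe_stub()
    print(server_spoke_first_with_pe([("s2c", stub[:100]), ("s2c", stub[100:])]))
    print(server_spoke_first_with_pe([("c2s", b"GET / HTTP/1.1\r\n\r\n"), ("s2c", stub)]))
```

A session flagged this way has no client request to tie the transfer to, which is why no file name is available for the alert.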

Solution

Check the host and disinfect / reinstall it if necessary.