obexsrv.exe
Intel PROSet\Wireless Bluetooth by Intel Corporation (Signed)
Warning 7 antivirus scanners has detected malware in various versions of obexsrv.exe.
Overview
There are 10 versions of obexsrv.exe in the wild, the latest version being 2.0.0.0128. It is started as a Windows Service with the name 'Bluetooth OBEX Service' and described as “Provides Bluetooth File Transfer Protocol support.”. . In addition, it is run under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). This is executed as a shared service (which simply means that this service can share a process with other Win32 services). The average file size is about 1002.22 KB. The file is a digitally signed and issued to Intel Corporation by Intel Corporation. Numerous variations of obexsrv.exe have been installed with both Pharaoh Puzzle and Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology. During the process's lifecycle, the typical CPU resource utilization is about 0.0004% including both foreground and background operations, the average private memory consumption is about 2.99 MB with the maximum memory reaching around 5.82 MB and typical read I/O operations are around 11 Bytes per minute.
 Details
|
| File name: | obexsrv.exe |
| Publisher: | Intel Corporation |
| Product name: | Intel PROSet\Wireless Bluetooth |
| Description: | Bluetooth OBEX Service |
| Typical file path: | C:\Program Files\intel\bluetooth\obexsrv.exe |
| Certificate |
| Issued to: | Intel Corporation |
| Authority (CA): | Intel Corporation |
| Windows Service |
| Service name: | Bluetooth OBEX Service |
| Description: | “Provides Bluetooth File Transfer Protocol support.” |
| Type: | Win32ShareProcess |
Programs installed in
(Note, the programs listed below are for all versions of Intel PROSet\Wireless Bluetooth.)
“The Intel PROSet/Wireless software includes a suite of features which IT managers find highly desirable. These features include automatic detection of and connection to wireless access points based on...”
Pharaoh Puzzle is a casual PC video game distributed through the Game Top download portal. The trial verison of the game includes an icon on the user's desktop 'Online Free Games' which links to a par...
Behaviors
(Note, the behaviors below are for all versions of obexsrv.exe, select a unique version for details.)
Service
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
Malware detections
Based on 40+ industry antivirus scanners, 7 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| Bkav Security |
1.3.0.4613 |
HW32.CDB.56bd |
1.2.0.0071 |
| eSafe |
7.0.17.0 |
Win32.TRDropper |
1.0.0.0045 |
| eSafe |
7.0.17.0 |
Win32.GenVariant.Urs |
1.0.0.0049 |
| eSafe |
7.0.17.0 |
Win32.Dx.Vux |
1.0.0.0040 |
| Rising Antivirus |
25.0.0.11 |
PE:Malware.XPACK-HIE/Heur!1.9C48 |
1.2.0.0071 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V0830 |
1.0.0.0049 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V0804 |
1.0.0.0040 |
All file variations of obexsrv.exe
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
65.63% |
|
| Windows 7 Ultimate |
21.88% |
|
| Windows 7 Professional |
12.50% |
|
Distribution by country
United States installs about 34.38% of Intel PROSet\Wireless Bluetooth.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
45.00% |
|
| Sony |
20.00% |
|
| Hewlett-Packard |
20.00% |
|
| ASUS |
10.00% |
|
| Acer |
5.00% |
|
