Class: Rootkit
This type of malicious program is designed to conceal certain objects or activities in the system. Registry keys (those used to automatically launch malicious objects, for example), files, folders, and processes in the memory of an infected computer, as well as malicious network activity, can all be hidden. Rootkits themselves have any malicious payload, but in most cases this type of program is used to prevent malicious programs from being detected and to extend the length of time that they run on an infected computer.
Platform: Win64
Win64 is a platform on Windows-based operating systems for execution of 32-/64-bit applications. Win64 programs cannot be launched on 32-bit versions of Windows.
Family: PurpleFox
No family description
Examples
E6B59B0B0097CD729989CD3E565A42B4036B55DE87FFA273869F9A13450E16D1
1192FBB5A46756E2D7A771A9F9C3E64B
D87CD6CF3E9ABC82E84442AE669D1CA1
AA80F1AF9633CBBCD25230948C4B767D
Tactics and Techniques: Mitre*
Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager (services.exe) is an interface to manage and manipulate services. The service control manager is accessible to users via GUI components as well as system utilities such as sc.exe and Net.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.