home

clientsvr.exe

hggZRZQx

MSIL

The executable clientsvr.exe has been detected as malware by 7 anti-virus scanners.
Publisher:
MSIL  (signed and verified)

Product:
hggZRZQx

Version:
3.7.5.2

MD5:
720155ca5e9a50519fd294b412fc5151

SHA-1:
6f202455cc3e8e44ee87d9727b66e31ae57a43f4

SHA-256:
ad79e0130b8aa39ee6fd3d65ce71daf30bde613bd828284d9dd6f9e9380a9cb5

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/24/2024 10:12:58 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Broban-AR [Trj]
160503-1

Dr.Web
Trojan.DownLoader12.62232
9.0.1.05190

Emsisoft Anti-Malware
Trojan.GenericKD.2311656
11.5.0.6191

ESET NOD32
MSIL/Agent.ZD trojan
8.0.319.0

McAfee
Trojan.Artemis!720155CA5E9A
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.223.1180.0

Norman
Trojan.GenericKD.2311656
19.05.2016 01:04:49

File size:
886 KB (907,264 bytes)

Product version:
3.7.5.2

Copyright:
Copyright hggZRZQx © 2015

Original file name:
hggZRZQx.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\syswow64\clientsvr.exe

Digital Signature
Signed by:
MSIL

Authority:
getaCert - www.getacert.com

Valid from:
4/18/2015 6:48:00 PM

Valid to:
6/17/2015 6:48:00 PM

Subject:
E=N@A.com, CN=MSIL En112, OU=Encpt, O=MSIL, L=Cali, S=California, C=US

Issuer:
O=getaCert - www.getacert.com, L=Seattle, S=Washington, C=US

Serial number:
0ED4

File PE Metadata
Compilation timestamp:
4/19/2015 1:57:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:+J7gDHx2hma2x+EKu191DCPhIf6a6xxF4bCEMBVmIViLMSEERfkkjylaG6pcWycp:7/kVmKi4QmkGv6cWycMUJ6lx78

Entry address:
0xE200A

Entry point:
FF, 25, 00, 20, 4E, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
631 KB (646,144 bytes)

Remove clientsvr.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.