home

mouse-server.exe

MouseServer

wifimouse.necta.us

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘MouseServer’. The file has been seen being downloaded from wifimouse.necta.us and multiple other hosts.
Publisher:
wifimouse.necta.us

Product:
MouseServer

Version:
1.7.2.0

MD5:
0ff1c31c11278f3f76299872cd5ad91d

SHA-1:
ed65b32a631377cc000bb09364dcb8766b607aa5

SHA-256:
085f3152252b03fe1b8f8856849a43e913d43d4457d272da150f2502f42ca15f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/25/2024 11:23:40 AM UTC  (today)

File size:
292.5 KB (299,520 bytes)

Product version:
1.7.2.0

Copyright:
Copyright (C) 2015-2016 Necta Company.

Trademarks:
MouseServer

Original file name:
MouseSer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
5/8/2016 11:14:28 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
3072:REmWbbXpNoIsT5J8aeUtfYWLu04+yvNqkGImN1LnC8+HHBX8ihtHD3bKBvlKtXx7:R7gxqRr604+EqkS/LnC8Qi6UNsVBBH

Entry address:
0xF86A

Entry point:
E8, 99, 04, 00, 00, E9, 80, FE, FF, FF, 55, 8B, EC, F6, 45, 08, 01, 56, 8B, F1, C7, 06, 04, 56, 42, 00, 74, 0A, 6A, 0C, 56, E8, 22, F9, FF, FF, 59, 59, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 83, 25, DC, 10, 43, 00, 00, 83, EC, 2C, 53, 33, DB, 43, 09, 1D, 10, 00, 43, 00, 6A, 0A, E8, B7, 3C, 01, 00, 85, C0, 0F, 84, 74, 01, 00, 00, 83, 65, EC, 00, 33, C0, 83, 0D, 10, 00, 43, 00, 02, 33, C9, 56, 57, 89, 1D, DC, 10, 43, 00, 8D, 7D, D4, 53, 0F, A2, 8B, F3, 5B, 89, 07, 89, 77, 04, 89, 4F, 08, 89, 57, 0C, 8B, 45...
 
[+]

Entropy:
6.3009

Code size:
142.5 KB (145,920 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MouseServer

Command:
"C:\users\{user}\desktop\mouse-server.exe"


The file mouse-server.exe has been seen being distributed by the following 3 URLs.

http://wifimouse.necta.us/MouseServer.exe

temp:Mouse-Server.exe

http://wifimouse.necta.us/Mouse-Server.exe

Scan mouse-server.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.