ph.exe

server 应用程序 [server application]

360.cn

The executable ph.exe, “server Microsoft 基础类应用程序” [server Microsoft Foundation Classes application], has been detected as malware by 41 anti-virus scanners.
Publisher:
360.cn  (signed and verified)

Product:
server 应用程序 [server application]

Description:
server Microsoft 基础类应用程序 [server Microsoft Foundation Classes application]

Version:
1, 0, 0, 1

MD5:
2ece5361ca6fe297e612a55ed2dd7ac0

SHA-1:
f79acb9fdd3485605b64496dd523df470af9b89d

SHA-256:
df1b884f711859efd31830b6cbd5484a820d478f56ba68b1b888efca43dd0ab1

Scanner detections:
41 / 68

Status:
Malware

Analysis date:
12/28/2024 12:27:08 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Graftor.874 | 373
Agnitum Outpost | Trojan.Agent | 7.1.1
AhnLab V3 Security | Trojan/Win32.Mircofake | 2016.01.22
Avira AntiVirus | TR/Nitol.blanu | 8.3.2.4
Arcabit | Trojan.Graftor.874 | 1.0.0.646
avast! | Win32:ServStart-B [Trj] | 2014.9-160127
AVG | DDoS | 2017.0.2851
Baidu Antivirus | Trojan.Win32.ServStart | 4.0.3.16127
Bitdefender | Gen:Variant.Graftor.874 | 1.0.20.135
Bkav FE | W32.DocyniLTC.Trojan | 1.3.0.7400
Clam AntiVirus | Win.Trojan.Scar-2077 | 0.98/21511
Comodo Security | TrojWare.Win32.TrojanDownloader.Small.CO | 23999
Dr.Web | DDoS.Rincux.325 | 9.0.1.027
Emsisoft Anti-Malware | Gen:Variant.Graftor.874 | 8.16.01.27.07
ESET NOD32 | Win32/ServStart (variant) | 10.12907
Fortinet FortiGate | W32/MicroFake.A!tr | 1/27/2016
F-Prot | W32/QQhelper.C.gen | v6.4.7.1.166
F-Secure | Gen:Variant.Graftor.874 | 11.2016-27-01_4
G Data | Gen:Variant.Graftor.874 | 16.1.25
IKARUS anti.virus | Trojan.Win32.Patcher | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.212.18499
Kaspersky | Trojan.Win32.Agent | 14.0.0.751
Malwarebytes | Trojan.ServStart | v2016.01.27.07
McAfee | GenericR-FRI!2ECE5361CA6F | 5600.6507
Microsoft Security Essentials | DDoS:Win32/Nitol.A | 1.1.12400.0
MicroWorld eScan | Gen:Variant.Graftor.874 | 17.0.0.81
NANO AntiVirus | Trojan.Win32.Nitol.bcaasl | 1.0.14.5380
nProtect | Trojan/W32.Scar.48944 | 16.01.21.01
Panda Antivirus | Trj/Genetic.gen | 16.01.27.07
Qihoo 360 Security | Win32/Trojan.ed0 | 1.0.0.1077
Quick Heal | Trojan.Nitol.A | 1.16.14.00
Rising Antivirus | PE:Backdoor.Overie!1.64BD [F] | 23.00.65.16125
Sophos | Mal/Emogen-Y | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-MSFake | 9359
Total Defense | Win32/Nitol.AM | 37.1.62.1
Trend Micro House Call | TROJ_NITOL.SMJ | 7.2.27
Trend Micro | TROJ_NITOL.SMJ | 10.465.27
Vba32 AntiVirus | SScope.Trojan.Winlock.2113 | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 46668
ViRobot | Trojan.Win32.A.Scar.49152.Y[h] | 2014.3.20.0
Zillya! Antivirus | Trojan.Scar.Win32.72276 | 2.0.0.2625

File size:
47.8 KB (48,944 bytes)

Product version:
1, 0, 0, 1

Copyright:
版权所有 (C) 2010 [Copyright (C) 2010]

Original file name:
server.EXE

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
VeriSign Inc.

Valid from:
11/17/2011 6:06:51 AM

Valid to:
11/17/2511 6:01:08 AM

Subject:
CN=360.cn, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=360.cn, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2011-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)2011, OU=VeriSign Trust Network, O=VeriSign Inc., C=US

Serial number:
6106862C000000000002

File PE Metadata
Compilation timestamp:
1/1/2012 5:37:01 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:Wvdv6GHnHKMBg93qHbGjZDImJNd+yHRVkuIILkaXBc1Tiv:WlvRHzAaHfmJ+yHRmyfN

Entry address:
0x41EF

Entry point:
55, 8B, EC, 6A, FF, 68, A0, 95, 40, 00, 68, C0, 41, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 9C, 92, 40, 00, 59, 83, 0D, 24, CA, 40, 00, FF, 83, 0D, 28, CA, 40, 00, FF, FF, 15, A0, 92, 40, 00, 8B, 0D, 18, CA, 40, 00, 89, 08, FF, 15, A4, 92, 40, 00, 8B, 0D, 14, CA, 40, 00, 89, 08, A1, A8, 92, 40, 00, 8B, 00, A3, 20, CA, 40, 00, E8, 17, 01, 00, 00, 39, 1D, 20, B7, 40, 00, 75, 0C, 68, 72, 43, 40, 00, FF, 15, AC, 92...
Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
30.5 KB (31,232 bytes)
