» server.exe
Overview
Analysis
File Details
Downloads (1)

server.exe

The executable server.exe has been detected as malware by 23 anti-virus scanners. The program is a setup application that uses the Self-extracting archive installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from k960742l.bget.ru.

File name:

server.exe

MD5:

5ace43423d10596a0317934ed62361e9

SHA-1:

0e190d236c708eced8ff25317da96613dc60f649

SHA-256:

8c7cc4f5977405a54a92606d4b93aa33c31ec8397361aec83d338a85e5d43b9d

Scanner detections:

23 / 68

Status:

Malware

Analysis date:

11/6/2024 9:41:42 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.3082982

333

AegisLab AV Signature

Troj.W32.Fsysna!c

2.1.4+

Avira AntiVirus

TR/Injector.656210

8.3.3.2

Arcabit

Trojan.Generic.D2F0AE6

1.0.0.656

avast!

Win32:Malware-gen

2014.9-160307

AVG

Inject3

2017.0.2811

Bitdefender

Trojan.GenericKD.3082982

1.0.20.335

Dr.Web

Trojan.Inject2.16408

9.0.1.067

Emsisoft Anti-Malware

Trojan.GenericKD.3082982

8.16.03.07.05

ESET NOD32

Win32/Injector.CTPK (variant)

10.13136

Fortinet FortiGate

W32/Fsysna.CYUB!tr

3/7/2016

F-Prot

W32/Trojan3.TXM

v6.4.7.1.166

F-Secure

Trojan.GenericKD.3082982

11.2016-07-03_2

G Data

Trojan.GenericKD.3082982

16.3.25

IKARUS anti.virus

Trojan-Spy.Agent

t3scan.2.0.8.0

Kaspersky

Trojan.Win32.Fsysna

14.0.0.551

McAfee

Artemis!5ACE43423D10

5600.6467

Microsoft Security Essentials

Backdoor:Win32/Fynloski.A

1.1.12505.0

MicroWorld eScan

Trojan.GenericKD.3082982

17.0.0.201

Panda Antivirus

Generic Suspicious

16.03.07.05

Qihoo 360 Security

Win32/Trojan.181

1.0.0.1120

Sophos

Mal/Generic-S

4.98

VIPRE Antivirus

Trojan.Win32.Generic

47700

File size:

640.8 KB (656,210 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Self-extracting archive

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\server.exe

File PE Metadata

Compilation timestamp:

2/15/2015 10:00:31 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:H0nyfXuIBDtfu2PsiiAOODXrnT/8/oeDMajtPkJ+mX:Uny/f9u2U92DXrnTUlTjtQ+2

Entry address:

0x1D7CB

Entry point:

E8, 85, 63, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 82, FC, FF, FF, C7, 06, 20, B2, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 20, B2, 42, 00, E9, 37, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 20, B2, 42, 00, E8, 24, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 52, CA, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08... 
[+]

Entropy:

7.1158

Code size:

162 KB (165,888 bytes)

The file server.exe has been seen being distributed by the following URL.

http://k960742l.bget.ru/server.exe

Remove server.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.