server.exe

svchosts

The executable server.exe has been detected as malware by 36 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from s6.dosya.tc.
Product:
svchosts

Version:
12.00

MD5:
82249ad35c349179000663fbf2cfda70

SHA-1:
1f5b68c7ec209bc74ef21fc456ea1f49c529d7f3

SHA-256:
3e406fd867afc3519997870a69628dda02cf31b8c3ae83e519136ea15e2d7ffd

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
11/24/2024 12:48:56 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Trojan.Heur.RX.gm0@XS5DmvmO | 217 |
| AegisLab AV Signature | Troj.Spy.W32.Agent | 2.1.4+ |
| Agnitum Outpost | TrojanSpy.Vkont | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/Agent.106496.ABO | 2016.02.06 |
| Avira AntiVirus | TR/Dropper.Gen | 8.3.2.4 |
| Arcabit | Trojan.Heur.RX.E06EC9 | 1.0.0.653 |
| avast! | Win32:Malware-gen | 2014.9-160702 |
| AVG | PSW.Generic12 | 2017.0.2695 |
| Bitdefender | Gen:Trojan.Heur.RX.gm0@XS5DmvmO | 1.0.20.920 |
| Clam AntiVirus | Win.Trojan.Agent-736470 | 0.98/21511 |
| Comodo Security | TrojWare.Win32.Spy.Vkont.A | 24097 |
| Dr.Web | Trojan.Siggen6.12706 | 9.0.1.0184 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur.RX.gm0@XS5DmvmO | 8.16.07.02.10 |
| ESET NOD32 | Win32/Spy.VB.NWB | 10.12984 |
| Fortinet FortiGate | W32/Spy.NWB!tr | 7/2/2016 |
| F-Prot | W32/VB-Backdoor-PWNF-based!Maxi | v6.4.7.1.166 |
| F-Secure | Gen:Trojan.Heur.RX.gm0@XS5DmvmO | 11.2016-02-07_7 |
| G Data | Gen:Trojan.Heur.RX.gm0@XS5DmvmO | 16.7.25 |
| IKARUS anti.virus | Trojan-Spy.Win32.Vkont | t3scan.2.0.6.0 |
| K7 AntiVirus | Spyware | 13.213.18660 |
| Kaspersky | Trojan-Spy.Win32.Vkont | 14.0.0.-32 |
| Malwarebytes | Backdoor.Agent.FF | v2016.07.02.10 |
| McAfee | GenericATG-FSK!82249AD35C34 | 5600.6351 |
| Microsoft Security Essentials | PWS:Win32/Sifre.A | 1.1.12400.0 |
| MicroWorld eScan | Gen:Trojan.Heur.RX.gm0@XS5DmvmO | 17.0.0.552 |
| NANO AntiVirus | Trojan.Win32.Vkont.djrusw | 1.0.14.5798 |
| nProtect | Trojan-Spy/W32.VKont.106496.C | 16.02.05.01 |
| Panda Antivirus | Trj/Genetic.gen | 16.07.02.10 |
| Qihoo 360 Security | QVM03.0.Malware.Gen | 1.0.0.1120 |
| Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16630 |
| Sophos | Mal/Behav-035 | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Falprod | 9046 |
| Total Defense | Win32/Comrerop.dUaZcWB | 37.1.62.1 |
| Trend Micro House Call | TSPY_SIFRE_EI150505.UVPM | 7.2.184 |
| Vba32 AntiVirus | TrojanSpy.Vkont | 3.12.26.4 |
| Zillya! Antivirus | Trojan.VKont.Win32.1764 | 2.0.0.2648 |

File size:
104 KB (106,496 bytes)

Product version:
12.00

Original file name:
svchosts.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\server.exe

File PE Metadata
Compilation timestamp:
3/19/2014 9:52:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:E0d6zoX44Bt3qlCJycTK4Ewm0aF8mOm6mUbY:fYUX4ualC1TiwmDFrU0

Entry address:
0x1E40

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
92 KB (94,208 bytes)

The file server.exe has been seen being distributed by the following URL.
