home

server.exe

The executable server.exe has been detected as malware by 4 anti-virus scanners. The file has been seen being downloaded from kuwaiti.co.
MD5:
8e4ffef0bc5483a5bc5b4a719ba34b5e

SHA-1:
2c49bf0d2f5a8918da893cc0a64591aa3b9bb210

SHA-256:
e47791f01ae9273a811b454b646f26aa9b64fcbe8d9995219e5ea12b7546bdea

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
11/24/2024 7:17:17 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
MSIL:GenMalicious-BOG [Trj]
160708-3

Emsisoft Anti-Malware
Gen:Variant.Barys.7801
16.07.17

ESET NOD32
MSIL/Bladabindi.AS trojan
8.0.319.0

Microsoft Security Essentials
Threat.Undefined
1.225.1590.0

File size:
27 KB (27,648 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\server.exe

File PE Metadata
Compilation timestamp:
7/17/2016 2:48:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:KNgrZchCdmx8aMlloTsgkKocnMHh/lmM2EgUnLYfF2MfwrHKOhT2Nid:KEiCdmx8aMroTsEocnMB/82a92JGhN

Entry address:
0x83E2

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 0C, 00, 00, 00, E4, 33, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.7956

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
25 KB (25,600 bytes)

The file server.exe has been seen being distributed by the following URL.

http://kuwaiti.co/files/3/.../Server.exe

Remove server.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.