server.exe

The executable server.exe has been detected as malware by 26 of 68 anti-virus scanners; most engines classify it as a Bladabindi backdoor built for the .NET runtime (MSIL). A backdoor trojan of this kind can be used to conduct distributed denial-of-service attacks, to install additional trojans or other malicious software, and to steal sensitive information from the infected machine. The file has been seen being downloaded from dc19.arabsh.com.
MD5:
042ce2577cd458a034071f31e2ca5266

SHA-1:
3347df903acd107d93de8b77f1998cbe00971841

SHA-256:
d01d70130a1c685e2cf0d4edfd29aa0f7a4ebbb0154c7c844c145bd09dfae10f

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
12/29/2024 4:32:11 AM UTC

Scan engine                   | Detection                       | Engine version
Lavasoft Ad-Aware             | Gen:Variant.Razy.24287          | 260
AegisLab AV Signature         | Troj.W32.Gen.mzJa               | 2.1.4+
AhnLab V3 Security            | Backdoor/Win32.Bladabindi       | 2016.05.14
Arcabit                       | Trojan.Razy.D5EDF               | 1.0.0.680
avast!                        | MSIL:Agent-DRD [Trj]            | 2014.9-160519
AVG                           | PSW.ILUSpy                      | 2017.0.2738
Baidu Antivirus               | MSIL.Backdoor.Bladabindi        | 4.0.3.16519
Bitdefender                   | Gen:Variant.Razy.24287          | 1.0.20.700
Clam AntiVirus                | Win.Trojan.B-468                | 0.99.211
Emsisoft Anti-Malware         | Gen:Variant.Razy.24287          | 8.16.05.19.02
ESET NOD32                    | MSIL/Bladabindi.BM (variant)    | 10.13487
Fortinet FortiGate            | W32/Generic.BM!tr               | 5/19/2016
F-Prot                        | W32/MSIL_Bladabind.I2.gen       | v6.4.7.1.166
F-Secure                      | Gen:Variant.Razy.24287          | 11.2016-19-05_5
G Data                        | Gen:Variant.Razy.24287          | 16.5.25
IKARUS anti.virus             | Trojan.MSIL.Bladabindi          | t3scan.2.0.9.0
Kaspersky                     | HEUR:Trojan.Win32.Generic       | 14.0.0.187
McAfee                        | Trojan-FIGN                     | 5600.6394
Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AJ     | 1.1.12706.0
MicroWorld eScan              | Gen:Variant.Razy.24287          | 17.0.0.420
Qihoo 360 Security            | QVM03.0.Malware.Gen             | 1.0.0.1120
Rising Antivirus              | Backdoor.MSIL.Bladabindi!1.9E49 | 23.00.65.16517
Sophos                        | Troj/Bbindi-W                   | 4.98
Trend Micro House Call        | BKDR_BLADABI.SMC                | 7.2.140
Trend Micro                   | BKDR_BLADABI.SMC                | 10.465.19
VIPRE Antivirus               | Backdoor.MSIL.Bladabindi.a      | 49360

File size:
47.5 KB (48,640 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\server.exe

File PE Metadata
Compilation timestamp:
5/11/2016 3:33:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:fpkf24OKITRgVCPaNK98uIeJ96mtEBRpfnu:54J4po28o0mtEBRtu

Entry address:
0x748E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
(The first six bytes, FF 25 00 20 40 00, decode to jmp dword ptr [0x00402000]: the stub a .NET linker emits to jump through the mscoree _CorExeMain import thunk, consistent with ".NET CLR dependent: Yes" below. The trailing zero bytes are section padding, not code.)

Entropy:
5.6388

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
21.5 KB (22,016 bytes)
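As an added example, not part of this report and not Reason Core Security's tooling, the following Python script reproduces the checks behind the fields above on a local file: it compares the file's size and MD5/SHA-1/SHA-256 against the indicators listed here, computes byte entropy, reads the PE header fields the report shows (compile timestamp, linker and OS versions, subsystem, code size, entry-point RVA, CLR data directory) and decodes the FF 25 entry stub. The build_sample_pe() helper constructs a minimal stand-in PE32 image so the script runs offline; that image, its constants and all function names are assumptions of the example, not data from the page. Only the REPORTED values are copied from the report.

```python
"""Offline triage of a PE sample against the indicators on this page (added example)."""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Indicators copied from the report above.
REPORTED = {
    "md5": "042ce2577cd458a034071f31e2ca5266",
    "sha1": "3347df903acd107d93de8b77f1998cbe00971841",
    "sha256": "d01d70130a1c685e2cf0d4edfd29aa0f7a4ebbb0154c7c844c145bd09dfae10f",
    "size": 48640,
}
IMAGE_SUBSYSTEM = {2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of the bytes as lowercase hex."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, reported: dict = REPORTED) -> bool:
    """True only when size and all three digests equal the report's values."""
    h = file_hashes(data)
    return len(data) == reported["size"] and all(h[k] == reported[k] for k in ("md5", "sha1", "sha256"))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0.0 .. 8.0); packed or encrypted payloads sit near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def decode_clr_stub(entry_bytes: bytes):
    """If the entry point is FF 25 <imm32> (jmp dword ptr [addr]), the 6-byte stub .NET
    linkers emit to jump through the _CorExeMain import, return addr; otherwise None."""
    if len(entry_bytes) >= 6 and entry_bytes[:2] == b"\xff\x25":
        return struct.unpack_from("<I", entry_bytes, 2)[0]
    return None


def parse_pe(data: bytes) -> dict:
    """Read the header fields the report lists from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                 # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = pe + 4                                                  # IMAGE_FILE_HEADER
    _, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                                # IMAGE_OPTIONAL_HEADER32
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 images handled here")
    linker = struct.unpack_from("<BB", data, opt + 2)
    code_size = struct.unpack_from("<I", data, opt + 4)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_ver = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    clr_rva = 0
    if ndirs > 14:                                               # directory 14 = CLR (COM descriptor) header
        clr_rva = struct.unpack_from("<I", data, opt + 96 + 14 * 8)[0]
    entry_off = None                                             # map entry RVA to a file offset
    for i in range(nsec):
        s = opt + opt_size + i * 40
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, s + 8)
        if va <= entry_rva < va + max(vsize, rawsize):
            entry_off = entry_rva - va + rawptr
            break
    entry_bytes = data[entry_off:entry_off + 6] if entry_off is not None else b""
    return {
        "compiled_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{linker[0]}.{linker[1]}",
        "os_version": f"{os_ver[0]}.{os_ver[1]}",
        "subsystem": IMAGE_SUBSYSTEM.get(subsystem, str(subsystem)),
        "code_size": code_size,
        "entry_rva": entry_rva,
        "entry_bytes": entry_bytes,
        "clr_header": clr_rva != 0,
    }


def build_sample_pe(entry_bytes=b"\xff\x25\x00\x20\x40\x00", clr=True, stamp=0) -> bytes:
    """Constructed minimal PE32 image (NOT the real sample): one .text section at
    RVA 0x2000 / file offset 0x200 holding the given entry-point bytes."""
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 8, 0, 0x200)         # PE32, linker 8.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x2000)                        # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                      # ImageBase
    struct.pack_into("<HH", opt, 40, 4, 0)                         # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                             # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    if clr:
        struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 0x48)    # CLR header directory entry
    section = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", 0x200, 0x2000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    header = (dos + b"PE\0\0" + file_hdr + bytes(opt) + section).ljust(0x200, b"\0")
    return header + entry_bytes.ljust(0x200, b"\0")


def triage(data: bytes) -> dict:
    """Everything a first-pass triage of an unknown server.exe would record."""
    info = parse_pe(data)
    info.update(file_hashes(data))
    info["size"] = len(data)
    info["entropy"] = round(shannon_entropy(data), 4)
    info["matches_report"] = matches_report(data)
    info["clr_stub_target"] = decode_clr_stub(info["entry_bytes"])
    return info


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, v in triage(blob).items():
        print(f"{k:>16}: {v.hex() if isinstance(v, bytes) else v}")
```

Run it as `python triage.py path/to/server.exe`; with no argument it triages the constructed stand-in image. On the real sample the hashes and size should match the report, the CLR directory should be present, and the entry stub should decode to 0x00402000 as shown in the "Entry point" field above; a mismatch on any hash means you are holding a different build, not this one.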

The file server.exe has been seen being distributed from dc19.arabsh.com.

Powered by Reason Core Security