server.exe

clud-intim.com

The application server.exe by clud-intim.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from www.msil.pw.
Publisher:
2fd62  (signed by clud-intim.com)

Product:
2fd62

Version:
0.0.0.0

MD5:
680012ca52955b4216afb62b2acac642

SHA-1:
75f7ddad0af3e5fcc83b549a7b7b45a8f7645ab3

SHA-256:
9fac0042c21c0b4696da0d8359861c583541745975c9b10077b283d5412be0bf

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 4:39:37 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.cludintim.Reputation

Engine version:
15.10.10.11

File size:
224.9 KB (230,304 bytes)

Product version:
0.0.0.0

Copyright:
Copyright © 2015

Original file name:
0030750001435687001.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\server.exe

Digital Signature
Signed by:

Authority:
clud-intim.com

Valid from:
6/18/2015 7:29:20 AM

Valid to:
6/17/2016 7:29:20 AM

Subject:
E=contact@clud-intim.com, CN=www.clud-intim.com, OU=Game Design, L=Clue villie, O=clud-intim.com, S=Clue, C=mt

Issuer:
E=contact@clud-intim.com, CN=www.clud-intim.com, OU=Game Design, L=Clue villie, O=clud-intim.com, S=Clue, C=mt

Serial number:
00

File PE Metadata
Compilation timestamp:
6/30/2015 7:57:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:l/OsIvYlfQ3SEJ6WeFvSDTX04igfg/ybZZ:l2sWE7EgWSGX04igfg/ybZZ

Entry address:
0xD13E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
45 KB (46,080 bytes)

The file server.exe has been seen being distributed by the following URL.
