server.exe

Xin Zhou

The application server.exe by Xin Zhou has been detected as a potentially unwanted program by 6 anti-malware scanners. It runs as a windows Service named “server Update”.
Publisher:
Xin Zhou  (signed and verified)

MD5:
33245042587f590e985a1dc08b5be945

SHA-1:
8a60e8e5a5647218c1326d352b8387fcb1b74ad7

SHA-256:
f9fa645546293a640ad99d598016e11567886fbcca08e109d4764e6ccd0b4af7

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 12:17:47 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Mutabaha.937
9.0.1.05190

ESET NOD32
Win32/ELEX.GL potentially unwanted application
8.0.319.0

F-Secure
Riskware.Application.Elex.AN
5.15.96

Microsoft Security Essentials
Threat.Undefined
1.223.1406.0

Norman
Application.Elex.AN
28.05.2016 15:32:18

Reason Heuristics
PUP.XinZhou (M)
16.6.12.21

File size:
1.3 MB (1,408,184 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\window update\server update\server.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
10/23/2015 12:00:00 AM

Valid to:
10/22/2016 11:59:59 PM

Subject:
CN=Xin Zhou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
659A8A3384285135321373ABABE9503D

File PE Metadata
Compilation timestamp:
12/22/2015 2:48:21 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:TlBsUFAkdXQkXpq5b3/vgjsyrujxmR0LZTty:THsUFAoXQ0qh3pyrujMRITty

Entry address:
0x1A644

Entry point:
E8, B8, 53, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 70, 40, 44, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, F8, 22, 44, 00, 01, 0F, 82, D6, 58, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74...
 
[+]

Code size:
203.5 KB (208,384 bytes)

Service
Display name:
server Update

Service name:
server

Description:
Enables the detection, download, and installation of updates for server and other programs. If this service is disabled, users of this computer will not be able to use server Update or its automatic u

Type:
Win32OwnProcess, InteractiveProcess


Remove server.exe - Powered by Reason Core Security