server.exe

Microsoft Corporation

Koshy John

It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in.

Publisher:
Microsoft Corporation  (signed by Koshy John)

Product:
Microsoft® Windows® Operating System

Description:
Microsoft Corporation

Version:
657.8989.10586.34528

MD5:
b63e9c216e9f52c7687e8777bfc943d1

SHA-1:
8ad3e24188c88434ebf19e397fdae15099161c94

SHA-256:
a6d85c301d97fad904283f44042633503e0d04f3dd5d5d54c75f88c0992ade19

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
1/15/2025 12:46:56 PM UTC

Scan engine | Detection | Engine version
F-Secure | Variant.MSILPerseus.28157 | 5.15.96
Norman | Gen:Variant.MSILPerseus.28157 | 02.04.2016 17:35:19

File size:
784.7 KB (803,536 bytes)

Product version:
657.8989.10586.34528

Copyright:
© Microsoft Corporation. All rights reserved.

Trademarks:
Microsoft Corporation

Original file name:
SerKan.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\clean\server.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/22/2015 8:00:00 AM

Valid to:
3/22/2020 7:59:59 AM

Subject:
CN=Koshy John, O=Koshy John, STREET=14409 NE 37th Pl., STREET=J9, L=Bellevue, S=Washington, PostalCode=98007, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F0B9668B8F9B11A925E079E486F78DB1

File PE Metadata
Compilation timestamp:
5/1/2016 9:13:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:kL59HU4VuTKKosgZ+Tsgici39fypPlLpFjV6IVcXBLo42XgjzHZQ:kPRl8yfWHB6ZRLtzHC

Entry address:
0xC3FDE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 60, 00, 00, 80, 10, 00, 00, 00, 90, 00, 00, 80, 18, 00, 00, 00, C0, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 48, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, F0, 00...
 

Entropy:
7.5325

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
776 KB (794,624 bytes)

Scheduled Task
Task name:
Client Monitor

Trigger:
Logon (Runs on logon)

