server.exe

GoreTvoe

The executable server.exe has been detected as malware by 10 of the 68 anti-virus scanners it was checked against. The file has been observed being downloaded from k960742l.bget.ru.
Publisher:
GoreTvoe

Product:
GoreTvoe

Version:
1.0.0.1

MD5:
c90abbc844c85b2bfcf4059f57f61229

SHA-1:
8b33818f12555d4744a1811535832c78dfef69ad

SHA-256:
57c157eddea739e4ea4226380bc92dd9cd38176ab65e5327a48330c9f159d047

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/6/2024 9:39:45 PM UTC

Scan engine                      Detection                    Engine version
avast!                           Win32:Vitro                  160327-1
Dr.Web                           Win32.Virut.56               9.0.1.05190
Emsisoft Anti-Malware            Win32.Virtob.Gen.12          11.5.0.6191
ESET NOD32                       Win32/Virut.NBP virus        8.0.319.0
F-Prot                           W32/Virut.C.gen              4.6.5.141
Kaspersky                        Virus.Win32.Virut            15.0.0.562
McAfee                           Virus.W32/Virut.n.gen        18.0.204.0
Microsoft Security Essentials    Threat.Undefined             1.217.1273.0
Norman                           Win32.Virtob.Gen.12          02.04.2016 17:35:19
VIPRE Antivirus                  Threat.4120919               48132

File size:
247.5 KB (253,440 bytes)

Product version:
1.0.0.1

Copyright:
Copyright © 2016

Original file name:
GoreTvoe.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\server.exe

File PE Metadata
Compilation timestamp:
2/4/1982 5:10:19 PM (predates the PE format itself, so this header value is not a genuine build time)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:UWkr1AQiKXUSLFumRDOZVjpVCyD2+ORUXpFSwa7kEtViTTIb1J:UWkrek8mNGVCyD2+ORca7htYTQ1

Entry address:
0x3E336

Entry point:
FC, 83, F4, 00, 8D, 64, 24, D0, F9, 00, FE, 28, FE, 60, F6, D5, 8D, 64, 24, 24, E8, A7, 5D, 00, 00, F6, D0, 8D, 74, 24, FC, 87, 1E, 30, FE, 4B, 0F, B7, CB, E2, FE, E9, D7, 5B, 00, 00, 54, FF, 34, 24, 92, FF, 54, 24, 64, 59, 41, 5A, FF, D7, 87, CA, 3B, C6, 0F, 84, 24, FF, FF, FF, 42, 50, 86, D2, 0F, 31, 8A, C8, B5, 86, 5E, E9, 53, 5C, 00, 00, 8D, 7F, F2, 39, FF, 01, 04, 24, 90, 8D, 36, 58, 8D, 09, 90, 80, 7F, FC, 0A, 0F, 87, AC, 5D, 00, 00, FC, 9E, B8, 63, 13, C8, F2, 89, D2, FC, 9B, 31, 44, 24, FC, 8B, 44...

Entropy:
6.1491

Code size:
122 KB (124,928 bytes)
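The hashes, entropy and PE header fields listed above are the data an analyst would check a suspect file against. The script below is an added example, not code from this page, from Reason Core Security or from any scanner vendor: it compares a file's size and MD5/SHA-1/SHA-256 with the values listed here, recomputes Shannon entropy, and reads the fields behind the "File PE Metadata" block (TimeDateStamp, entry point, code size, subsystem, linker and OS version, CLR data directory) using only the Python standard library, flagging a compile timestamp that predates the PE format. The `build_sample_pe()` helper constructs a fake, header-only PE32 that mirrors the reported values for testing; it is not the real sample, and the CLR directory location it writes is made up.

```python
"""Offline triage helper for the server.exe entry above (added example)."""
import hashlib
import math
import struct
import sys
from collections import Counter
from datetime import datetime, timezone

# Indicators copied from the page.
KNOWN_HASHES = {
    "md5": "c90abbc844c85b2bfcf4059f57f61229",
    "sha1": "8b33818f12555d4744a1811535832c78dfef69ad",
    "sha256": "57c157eddea739e4ea4226380bc92dd9cd38176ab65e5327a48330c9f159d047",
}
KNOWN_SIZE = 253440
PAGE_COMPILE_TIME = datetime(1982, 2, 4, 17, 10, 19, tzinfo=timezone.utc)

# The PE format shipped with Windows NT 3.1 in 1993; an earlier TimeDateStamp
# cannot be a genuine build time, so treat it as forged or corrupted.
PE_EARLIEST = datetime(1993, 1, 1, tzinfo=timezone.utc)


def hash_bytes(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_known_sample(data: bytes) -> bool:
    """True only if size and all three listed hashes agree with the page."""
    return len(data) == KNOWN_SIZE and hash_bytes(data) == KNOWN_HASHES


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe_header(data: bytes) -> dict:
    """Read the fields the scan report lists from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, _nsect, stamp, _, _, _optsize, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # IMAGE_OPTIONAL_HEADER32 follows the 20-byte COFF header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    linker_major, linker_minor = struct.unpack_from("<BB", data, opt + 2)
    size_of_code = struct.unpack_from("<I", data, opt + 4)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    clr_rva = clr_size = 0
    if ndirs > 14:  # data directory 14 is the CLR runtime header; non-zero means .NET
        clr_rva, clr_size = struct.unpack_from("<II", data, opt + 96 + 14 * 8)
    compiled = datetime.fromtimestamp(stamp, tz=timezone.utc)
    return {
        "compile_time": compiled,
        "timestamp_plausible": compiled >= PE_EARLIEST,
        "entry_rva": entry_rva,
        "code_size": size_of_code,
        "subsystem": {2: "Windows GUI", 3: "Windows CUI"}.get(subsystem, str(subsystem)),
        "linker_version": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "clr_dependent": clr_rva != 0 and clr_size != 0,
    }


def build_sample_pe(timestamp: int, clr: bool = True) -> bytes:
    """Constructed, header-only PE32 mirroring the page's reported values (test input, not the real file)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<BB", opt, 2, 6, 0)        # linker version 6.0
    struct.pack_into("<I", opt, 4, 124928)      # code size from the page
    struct.pack_into("<I", opt, 16, 0x3E336)    # entry address from the page
    struct.pack_into("<HH", opt, 40, 4, 0)      # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)          # Windows GUI subsystem
    struct.pack_into("<I", opt, 92, 16)
    if clr:
        struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 0x48)  # made-up CLR header RVA/size
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(int(PAGE_COMPILE_TIME.timestamp()))
    print("matches page IOCs:", matches_known_sample(blob))
    print("entropy: %.4f" % shannon_entropy(blob))
    for key, value in parse_pe_header(blob).items():
        print(f"{key}: {value}")
```

Run it with the path of a suspected copy of server.exe; with no argument it runs against the constructed header and reports the 1982 timestamp as implausible. A hash match is a positive identification of this exact file, but a mismatch rules nothing out: the engines above name the Virut family, a polymorphic file infector, so other infected hosts will carry different hashes and sizes.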

The file server.exe has been seen being distributed by the following URL.

Powered by Reason Core Security