server.exe

Xin Zhou

The application server.exe by Xin Zhou has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “server Update”.
Publisher:
Xin Zhou  (signed and verified)

MD5:
3387d29c48e1932377725e188aadde0e

SHA-1:
9cd79655ef6a73824e9fb0f170f2923538c9b6ba

SHA-256:
66693ddc6cd326ec30d74ab9a1041570fc41622c993b3b6d278743d11bdf971c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 1:32:13 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.XinZhou (M)

Engine version:
16.5.21.10

File size:
282.7 KB (289,496 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\window update\server update\server.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
10/23/2015 7:00:00 AM

Valid to:
10/23/2016 6:59:59 AM

Subject:
CN=Xin Zhou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
659A8A3384285135321373ABABE9503D

File PE Metadata
Compilation timestamp:
12/10/2015 11:37:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:4OMf9hYHF6WersrIkUtEqC+ANYyrubVYQ9ShxfZ92ax6:P29hYHFRemIkwCBNYyrubVYb92a6

Entry address:
0x1A644

Entry point:
E8, B8, 53, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 70, 40, 44, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, F8, 22, 44, 00, 01, 0F, 82, D6, 58, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74...
 

Code size:
203.5 KB (208,384 bytes)

Service
Display name:
server Update

Service name:
server

Description:
Enables the detection, download, and installation of updates for server and other programs. If this service is disabled, users of this computer will not be able to use server Update or its automatic u

Type:
Win32OwnProcess, InteractiveProcess

