server.exe

The executable server.exe has been detected as malware by 20 anti-virus scanners. It is a Trojan bot that uses IRC to communicate with a command and control network. The Trojan drops other malicious software, opens a backdoor on the infected computer, and runs automatically on each boot.
MD5:
319adf86b09bff0ffdd4f9370937e5fe

SHA-1:
e456db8814685b540185421f948032ea56659e2d

SHA-256:
220ef7e1f58a27118387559d7c71e2b7444537a9957b7eff4c8940388a968c0a

Scanner detections:
20 / 68

Status:
Malware

Explanation:
Part of a backdoor IRC bot network.

Analysis date:
11/29/2024 4:35:35 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Trojan.Heur.RP.1yWaaesV@t | -40
Avira AntiVirus | TR/Crypt.TPM.Gen | 8.3.1.6
Arcabit | Trojan.Heur.RP.ED28CC | 1.0.0.425
Bitdefender | Gen:Trojan.Heur.RP.1yWaaesV@t | 1.0.20.375
Bkav FE | W32.HfsAutoB | 1.3.0.6379
Comodo Security | TrojWare.Win32.Agent.COC | 22384
Emsisoft Anti-Malware | Gen:Trojan.Heur.RP.1yWaaesV@t | 8.17.03.16.08
ESET NOD32 | Win32/Packed.Themida suspicious (variant) | 11.11753
F-Secure | Gen:Trojan.Heur.RP.1yWaaesV@t | 11.2017-16-03_5
G Data | Gen:Trojan.Heur.RP.1yWaaesV@t | 17.3.25
K7 AntiVirus | Trojan | 13.204.16176
Kaspersky | Trojan.Win32.ServStart | 14.0.0.-1317
McAfee | Artemis!319ADF86B09B | 5600.6094
Microsoft Security Essentials | DDoS:Win32/Nitol.D | 1.1.11701.0
MicroWorld eScan | Gen:Trojan.Heur.RP.1yWaaesV@t | 18.0.0.225
Qihoo 360 Security | HEUR/QVM19.1.Malware.Gen | 1.0.0.1015
Quick Heal | (Suspicious) - DNAScan | 3.17.14.00
Trend Micro House Call | PAK_Crypt | 7.2.75
Trend Micro | TROJ_GEN.R0C1C0DEP15 | 10.465.16
VIPRE Antivirus | Backdoor.Win32.Ircbot.gen | 40948

File size:
855 KB (875,520 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\server.exe

File PE Metadata
Compilation timestamp:
6/12/1999 7:05:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1CE000

Entry point:
83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 60, 0C, 00, 2D, 1C, 8A, 09, 10, 05, 11, 8A, 09, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, DB, D0, D6, 56, 68, 6E, E6, 3C, 6E, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 76, A5, 7D, 74, 46, 4C, 70, 4F, 59, FE, 91, D2, C3, CA...

Entropy:
7.9045  (probably packed)

Code size:
2 KB (2,048 bytes)
