server1.exe

The executable server1.exe has been detected as malware by 6 anti-virus scanners. The file has been seen being downloaded from www.datafilehost.com.

MD5:
bbd0a92d98f0eccfa917b9d463da78b4

SHA-1:
18ed754d1805a80d0184660ea9601ffedc0121d5

SHA-256:
25738b29b834ca4ef9175f49787254858904914aae94cc8a0cde8a4787849fcb

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
12/25/2024 12:55:19 PM UTC

Scan engine                     Detection                          Engine version
avast!                          MSIL:Agent-BXF [Trj]               160518-2
Dr.Web                          Trojan.DownLoader10.20383          9.0.1.05190
Emsisoft Anti-Malware           Gen:Variant.MSIL.Bladabindi        11.5.0.6191
ESET NOD32                      MSIL/Bladabindi.AS trojan          8.0.319.0
Microsoft Security Essentials   Threat.Undefined                   1.225.1590.0
Norman                          Generic.MSIL.Bladabindi.ED882257   28.05.2016 15:32:18

File size:
302.5 KB (309,760 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\server1.exe

File PE Metadata
Compilation timestamp:
2/24/2016 11:46:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:RS/h5A29Z2UQRTIZ8RXSf8dIW2HAYPo2pyIfI1usMkk/Wkkw1WxZ+BT5grMjtM/U:iT9Z2UiMZHkdIW2o61WxZ+p5g4c

Entry address:
0x8AEE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.0105

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
27 KB (27,648 bytes)

The file server1.exe has been seen being distributed by the following URL.
