snb server setup.exe

The executable snb server setup.exe has been detected as malware by 12 anti-virus scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from doc-0s-6g-docs.googleusercontent.com and multiple other hosts.

MD5: e506292716e192eb6be967bf7f1cf5b3
SHA-1: 94539e71be33f87f2ec6c8ed04a585f4c0749fe8
SHA-256: 35d813899902cb02f0f323a37d4f149211b43a6a1964b2cfa2d8ddcd9da56cc6
Scanner detections: 12 / 68
Status: Malware
Analysis date: 2/25/2025 2:39:37 AM UTC

Scan engine             Detection                         Engine version
Lavasoft Ad-Aware       Trojan.Generic.13281827           599
Agnitum Outpost         Trojan.DR.Agent                   7.1.1
avast!                  Win32:Malware-gen                 2014.9-150616
ESET NOD32              probably unknown NewHeur_PE       9.11635
IKARUS anti.virus       Trojan.SuspectCRC                 t3scan.1.8.9.0
K7 AntiVirus            Trojan                            13.203.15931
McAfee                  Artemis!E506292716E1              5600.6733
MicroWorld eScan        Trojan.Generic.13281827           16.0.0.501
Rising Antivirus        PE:Malware.XPACK-HIE/Heur!1.9C48  23.00.65.15614
Trend Micro House Call  Suspicious_GEN.F47V0427           7.2.167
Trend Micro             TROJ_GE.A8368551                  10.465.16
VIPRE Antivirus         Trojan.Win32.Generic              40278

File size: 11.2 MB (11,709,346 bytes)
File type: Executable application (Win32 EXE)
Installer: NSIS (Nullsoft Scriptable Install System)
Common path: C:\users\{user}\downloads\snb server setup.exe

File PE Metadata

Compilation timestamp: 10/7/2014 11:40:10 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 196608:WvEKRjdlmFk1u5PF7rRl2KI/YEZ+ogJRoCb5k9Z5R/uTmi0J2i0EEVPILHXJOQVe:WvNCk1u5PF3jI/lgJZlMKb0J2i0EEVui
Entry address: 0x30B6

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 1C, 71, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 09, A3, 98, 37, 42, 00, E8, A8, 2D, 00, 00, A3, E4, 36, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, 98, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, E0, 2E, 42, 00, E8, 52, 2A, 00, 00, FF, 15, 20, 71, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 40, 2A...
 
Packer / compiler: Nullsoft install system v2.x
Code size: 23 KB (23,552 bytes)

The file snb server setup.exe has been seen being distributed by the following 6 URLs.

https://doc-0s-6g-docs.googleusercontent.com/docs/securesc/ilatqae7j2hm6q1q5epg2n5s8utc6m0u/28p7paflfnth9ad4ubgq9vjedt1cuj0t/1477144800000/.../08983618186392667293/0B1o6iDiJzYU2WmVaQ0Q1c1VxYjQ?e=download

http://download1732.mediafire.com/6aq297s0qqbg/.../SNB Server Setup.exe
