» bsserver.exe
Overview
Analysis
File Details
Behaviors (1)

bsserver.exe

Suprema Inc.

The executable bsserver.exe has been detected as malware by 17 anti-virus scanners. It runs as a separate (within the context of its own process) windows Service named “BioStar Server”. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

File name:

bsserver.exe

Publisher:

Suprema Inc. (signed and verified)

MD5:

739f659965aa2c4a6afeb6f4ea2d55ce

SHA-1:

08bbec4b91ed6aca42546283fe3416ebaac67659

SHA-256:

389bc36687bdd7018f3005fd289c02be70e5e848c278207b88879a7cc364b18b

Scanner detections:

17 / 68

Status:

Malware

Explanation:

bsserver.exe is infected by a worm that might download, install and run additional malware as well as may spread to other executable files.

Analysis date:

4/24/2024 11:23:55 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Ramnit.N

5691347

Avira AntiVirus

W32/Ramnit.C

7.11.30.172

avast!

Win32:RmnDrp

160112-0

AVG

Win32/Zbot.G

2015.0.4489

Clam AntiVirus

W32.Ramnit-1

0.98/21271

Dr.Web

Win32.Siggen.7

9.0.1.05190

Emsisoft Anti-Malware

Win32.Ramnit.N

10.0.0.5366

ESET NOD32

Win32/Ramnit.H virus

7.0.302.0

F-Prot

W32/Ramnit.D

4.6.5.141

F-Secure

Win32.Ramnit.N

5.15.21

Kaspersky

Virus.Win32.Nimnul

15.0.0.562

McAfee

Virus.W32/Virut.n.gen

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.213.3172.0

Norman

Win32.Ramnit.N

11.01.2016 17:30:26

Sophos

Virus 'W32/Ramnit-A'

5.23

VIPRE Antivirus

Threat.4732184

46444

File size:

1.2 MB (1,266,001 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\biostar\server\bsserver.exe

Digital Signature

Signed by:

Suprema Inc.

Authority:

Suprema Inc.

Valid from:

12/13/2006 3:53:55 PM

Valid to:

12/8/2026 3:53:55 PM

Subject:

O=Suprema Inc., CN=Suprema CA

Issuer:

O=Suprema Inc., CN=Suprema CA

Serial number:

00E36262D0F07537CB

File PE Metadata

Compilation timestamp:

4/26/2007 3:50:45 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

24576:ab+jZWUdry02zwBmg2wLs8tx32quC86pWpCRvmF766TuRzan6Ts/5ef6Lds8s:a4Zbry22wLs8Jz86pWsRzan6Ts/57Ldg

Entry address:

0x2D4000

Entry point:

60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, 1E, A5, 01, 20, 2B, 85, 85, AC, 01, 20, 89, 85, 81, AC, 01, 20, B0, 00, 86, 85, B6, AE, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, B1, AD, 01, 20, 00, 74, 33, 83, BD, B5, AD, 01, 20, 00, 74, 2A, 8B, 85, 81, AC, 01, 20, 2B, 85, B1, AD, 01, 20, 8B, 00, 89, 85, EE, AD, 01, 20, 8B, 85, 81, AC, 01, 20, 2B, 85, B5, AD, 01, 20, 8B, 00, 89, 85, F2, AD, 01, 20, EB, 61, 83, BD, B9, AD, 01, 20, 00, 74, 58, 8B, 85, 81, AC, 01, 20, 2B, 85, B9, AD, 01, 20, FF, 30, 8D, 85... 
[+]

Entropy:

6.8911

Packer / compiler:

ASPack v1.08.04

Code size:

772 KB (790,528 bytes)

Service

Display name:

BioStar Server

Description:

BioStar Server by Suprema Inc.

Type:

Win32OwnProcess

Remove bsserver.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.