casrv.exe

The executable casrv.exe has been detected as malware by 14 anti-virus scanners. It is a setup program used to install the application. It runs as a Windows service named “CA Service component” in its own process. The file has been seen being downloaded from download-servers.com.
MD5:
082402717467cc86f5a5f37adfcbbee9

SHA-1:
153d53a2e9429f2c14c9cf26f29f77d3efa06c9a

SHA-256:
8d904916f0a0910834b622324afdf7ab810e72f56cc274126fd1137ed9d8ad3e

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
5/9/2024 1:53:55 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2055426 | 760
Bitdefender | Trojan.GenericKD.2055426 | 1.0.20.25
Emsisoft Anti-Malware | Trojan.GenericKD.2055426 | 8.15.01.05.02
F-Secure | Trojan.GenericKD.2055426 | 11.2015-05-01_2
G Data | Trojan.GenericKD.2055426 | 15.1.24
IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.8.5.0
Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.2687
McAfee | Artemis!0D3E7FB7F35F | 5600.6894
MicroWorld eScan | Trojan.GenericKD.2055426 | 16.0.0.15
nProtect | Trojan.GenericKD.2055426 | 15.01.02.01
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | Threat.Win.Reputation.IMP | 15.1.5.14
Trend Micro House Call | Suspicious_GEN.F47V1227 | 7.2.5
VIPRE Antivirus | Win32.Malware!Drop | 36366

File size:
140 KB (143,360 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\convertad\casrv.exe

File PE Metadata
Compilation timestamp:
1/5/2015 6:16:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:MwfHRgNcfnHkluqI9+24vP6m8/ZQLewy9i0f:jxg6fHk0x+2sP6mZLe3f

Entry address:
0xB223

Entry point:
E8, 74, 56, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 67, F5, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, 1B, 2E, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 88, 1A, 42, 00, 74, 12, 8B, 0D, 40, 18, 42, 00, 85, 48, 70, 75, 07, E8, 19, 35, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 38, 1F, 42, 00, 74, 16, 8B, 46, 08, 8B, 0D, 40, 18, 42, 00...
 

Code size:
102.5 KB (104,960 bytes)

Service
Display name:
CA Service component

Service name:
serverca

Description:
Ongoing updates responsible service.

Type:
Win32OwnProcess


The file casrv.exe has been seen being distributed by the following URL.
