dc server builder.exe

Dark Server Builder

Uchix7Dark

The executable dc server builder.exe has been detected as malware by 21 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download1714.mediafire.com.
Publisher: Uchix7Dark
Product: Dark Server Builder
Version: 1.0.0.0
MD5: e056083f35510a48b4f57f67ab1a83ac
SHA-1: bd757ab725e195dcc096b64bf39c77a3935d5a2d
SHA-256: d0b2911478ee4c56e656ff9af714c17456bbb33dca411deed014adda70a25948
Scanner detections: 21 / 68
Status: Malware
Analysis date: 4/26/2024 3:18:19 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Zusy.87767 | 642 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.208.88 |
| avast! | Win32:Malware-gen | 2014.9-150503 |
| Baidu Antivirus | Hacktool.Win32.DarkKomet | 4.0.3.1553 |
| Comodo Security | UnclassifiedMalware | 20991 |
| Dr.Web | BackDoor.Comet.306 | 9.0.1.0123 |
| ESET NOD32 | MSIL/TrojanDropper.Agent.AKZ (variant) | 9.11137 |
| F-Secure | Gen:Variant.Zusy.87767 | 11.2015-03-05_1 |
| G Data | Win32.Trojan.Agent.WKVXIG | 15.5.25 |
| IKARUS anti.virus | Trojan-Dropper | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.193.14895 |
| Kaspersky | HackTool.Win32.DarkKomet | 14.0.0.2096 |
| McAfee | Artemis!E056083F3551 | 5600.6776 |
| MicroWorld eScan | Gen:Variant.Zusy.87767 | 16.0.0.369 |
| NANO AntiVirus | Trojan.Win32.Comet.bymemn | 0.30.0.65070 |
| Norman | Suspicious_Gen4.ENVRQ | 11.20150503 |
| Qihoo 360 Security | Win32/Trojan.785 | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Nitol!1.9E17 | 23.00.65.15501 |
| Sophos | Mal/Generic-S | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 37332 |
| ViRobot | Trojan.Win32.S.Agent.1189888.A[h] | 2014.3.20.0 |

File size: 1.1 MB (1,189,888 bytes)
Product version: 1.0.0.0
Copyright: Copyright © 2013
Original file name: Dark Server Builder.exe
File type: Executable application (Win32 EXE)
Language: Language Neutral
Common path: C:\users\{user}\appdata\roaming\phrozensoft\dclegacyviewer\dc server builder.exe

File PE Metadata

Compilation timestamp: 7/24/2013 5:32:38 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 11.0
.NET CLR dependent: Yes
CTPH (ssdeep): 24576:QUem+VQ7fUIhYlqRmoh7QevAJy5yJs2Yjps3+rztEGl+reU:QUemrcTSr7QevAn22+rzaG1U
Entry address: 0x1223EE
Entry point: FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A6, 01, F0, 51, 00, 00, 00, 00, 02, 00, 00, 00, B1, 00, 00, 00, 1C, 40, 12, 00, 1C, 08, 12, 00, 52, 53, 44, 53, 9D, E1, 4B, 84, 5B, 02, A1, 4E, AB, 4E, BF, CF, E4, 56, E9, 11, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, 72, 73, 5C, 53, 68, 61, 72, 79, 4D, 79, 73, 74, 5C, 44, 6F, 63, 75, 6D, 65, 6E, 74, 73, 5C, 56, 69, 73, 75, 61, 6C, 20, 53, 74, 75, 64, 69, 6F, 20, 32, 30, 31, 30, 5C, 50, 72, 6F, 6A, 65, 63, 74, 73, 5C, 44...
 

Developed / compiled with: Microsoft Visual C# / Basic .NET
Code size: 1.1 MB (1,180,672 bytes)

The file dc server builder.exe has been seen being distributed by the following URL.
