easyserver.exe

The executable easyserver.exe has been detected as malware by 5 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler. This file is typically installed with the program EasyCafe Server 2.2 (Firewall Edition) by TinaSoft Software & Internet Solutions. While running, it connects to the Internet address mail.tinasoft.net on port 80 using the HTTP protocol.
MD5:
d27c723ed48575bb3a98f73bd251665f

SHA-1:
7d12099b960dfcdcd14f0e98b7e0a47c29d9da38

SHA-256:
9079ffb264b40da58d731075cdc0fd659cb35e293c5a28c8a4919e9b17665c76

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
4/25/2024 8:17:00 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Suspicious | 7.1.1
Bkav FE | W32.HfsAutoB | 1.3.0.4613
K7 AntiVirus | Trojan | 13.174.10530
Reason Heuristics | Unnamed.Threat.11 | 14.3.2.12
Trend Micro House Call | TROJ_GEN.F47V0718 | 7.2.356

File size:
2.5 MB (2,593,280 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\tinasoft\easy cafe server\easyserver.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:xAgr4tVyhevJjc5RtVkwEusxwmueEukAG:Pr4tcevJ++xEN

Entry address:
0x439001

Entry point:
60, E9, D9, 04, 00, 00, 7F, 98, 97, 97, 97, 27, F4, 18, 84, DF, 4D, DC, 97, 52, D3, 4D, DC, 97, 9A, 74, C2, 34, 2F, 55, DC, 97, 1A, 54, 17, 54, DC, 97, 97, 20, 34, 17, 54, DC, 97, A6, 1C, E0, 9A, 97, 97, 5E, 1C, D6, 4D, DC, 97, 97, 97, 97, 97, 24, 1C, 1F, 54, DC, 97, E7, 96, 2C, 6B, 55, DC, 97, 20, 1C, 1B, 54, DC, 97, 22, 8F, 24, 34, 2C, 54, DC, 97, EA, E7, 96, 2C, 67, 55, DC, 97, 20, 1C, 37, 55, DC, 97, 24, 34, 39, 54, DC, 97, EA, EE, 96, 2C, 67, 55, DC, 97, 20, 1C, 3B, 55, DC, 97, 20, 3C, 68, 4E, DC, 97...

Packer / compiler:
ASProtect v1.1, 0xBRS

Code size:
2.4 MB (2,504,192 bytes)

Scheduled Task
Task name:
{2D3D5861-C89A-4352-8C7E-2864BE5ED0CE}

Trigger:
Registration (Runs on registration)


The file easyserver.exe has been discovered within the following program.

EasyCafe Server 2.2 (Firewall Edition)  by TinaSoft Software & Internet Solutions
www.tinasoft.com/easycafe/support.htm
About 2% of users remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to mail.tinasoft.net  (136.243.21.22:80)
