hidserv.exe

The executable hidserv.exe, “Autostart program viewer”, has been detected as malware by 7 anti-virus scanners. According to the detections, it has been classified as a keylogger, which is capable of recording a user's keystrokes.
Remove hidserv.exe - Powered by Reason Core Security
Description:
Autostart program viewer

Version:
11.42

MD5:
4fcf32a3eca9eed49f6621f3406c49ac

SHA-1:
e54ceb145f0db98066f8d9dc2fb32aa0b6186ce6

SHA-256:
daddfb1850a118c54a2f550bf829505cc3a38a7a5e20631ef16d8c9a31c9b072

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
12/7/2016 7:35:36 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Crypt3 | 2015.0.3448 |
| Dr.Web | BackDoor.Cybergate.3997 | 9.0.1.05190 |
| ESET NOD32 | MSIL/Injector.DYH trojan | 7.0.302.0 |
| Kaspersky | Trojan-Spy.MSIL.KeyLogger | 15.0.0.463 |
| Malwarebytes | Trojan.Agent | v2014.06.10.10 |
| McAfee Web Gateway | Heuristic.LooksLike.Win32.Suspicious.B | 7.7104 |
| Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1015 |

File size:
324 KB (331,776 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\hidserv.exe

File PE Metadata
Compilation timestamp:
6/8/2014 2:08:50 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:iz9CdKnxAkyQ0OWN/QKIs5siCK/mCTy7YV1aQU:i9Cknx7yQ0OW1Isqu/mC6YOh

Entry address:
0x524DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.8331

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
321.5 KB (329,216 bytes)
