s_rv_r.exe

The executable s_rv_r.exe has been detected as malware by 40 anti-virus scanners. The file has been seen being downloaded from malwr.com.
MD5:
56bc817a34ba7d92182f418f6be47cac

SHA-1:
8cc80127c4b3382329bce1c0bee89e5afe95c6f8

SHA-256:
1390a07734549b504dd2280cb55ebd3786ac74f0bfeb98c08c36064df7defa18

Scanner detections:
40 / 68

Status:
Malware

Analysis date:
4/19/2024 11:56:23 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.Comet.Gen.LO | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Injector | 2015.11.12 |
| Avira AntiVirus | TR/Agent.GH.18 | 8.3.2.2 |
| Arcabit | Backdoor.Fynloski.S | 1.0.0.593 |
| avast! | Win32:Flooder-GR [Trj] | 2014.9-151112 |
| AVG | Delf | 2016.0.2928 |
| Baidu Antivirus | Trojan.Win32.Pincav | 4.0.3.151112 |
| Bitdefender | Backdoor.Fynloski.S | 1.0.20.1580 |
| Bkav FE | W32.Raraban.Trojan | 1.3.0.7383 |
| Clam AntiVirus | Trojan.Agent-279329 | 0.98/21511 |
| Comodo Security | Backdoor.Win32.DarkC.~A | 23572 |
| Dr.Web | BackDoor.Comet.21 | 9.0.1.0316 |
| Emsisoft Anti-Malware | Backdoor.Fynloski.S | 8.15.11.12.07 |
| ESET NOD32 | Win32/Delf.OAZ | 9.12552 |
| Fortinet FortiGate | W32/COMDAR.SMI!tr | 11/12/2015 |
| F-Prot | W32/Downloader.C.gen | v6.4.7.1.166 |
| F-Secure | Backdoor.Fynloski.S | 11.2015-12-11_5 |
| G Data | Backdoor.Fynloski | 15.11.25 |
| IKARUS anti.virus | Backdoor.Win32.Hupigon | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.17825 |
| Kaspersky | Trojan.Win32.Pincav | 14.0.0.1134 |
| Malwarebytes | Trojan.Agent | v2015.11.12.07 |
| McAfee | BackDoor-EZG.b | 5600.6584 |
| Microsoft Security Essentials | Backdoor:Win32/Fynloski.A | 1.1.12205.0 |
| MicroWorld eScan | Backdoor.Fynloski.S | 16.0.0.948 |
| NANO AntiVirus | Trojan.Win32.DarkKomet.wcwjb | 0.30.26.4437 |
| nProtect | Trojan/W32.Agent.674816.W | 15.11.11.01 |
| Panda Antivirus | Generic Malware | 15.11.12.07 |
| Qihoo 360 Security | QVM05.1.Malware.Gen | 1.0.0.1077 |
| Quick Heal | Backdoor.Fynloski.A9 | 11.15.14.00 |
| Rising Antivirus | PE:Backdoor.Pontoeb!1.6637 [F] | 23.00.65.151110 |
| Sophos | Mal/DelfInj-A | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Backdoor | 9512 |
| Total Defense | Win32/Delf.ALK | 37.1.62.1 |
| Trend Micro House Call | BKDR_FYNLOS.SMIA | 7.2.316 |
| Trend Micro | BKDR_FYNLOS.SMIA | 10.465.12 |
| Vba32 AntiVirus | Backdoor.DarkKomet.gen | 3.12.26.4 |
| VIPRE Antivirus | Backdoor.Win32.Fynloski.A | 45160 |
| ViRobot | Backdoor.Win32.A.Agent.279552[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Pincav.Win32.25370 | 2.0.0.2503 |

File size:
659 KB (674,816 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
4/25/2011 4:25:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:59AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnK5:/AQ6Zx9cxTmOrucTIEFSpOGU

Entry address:
0x908B4

Entry point:
55, 8B, EC, B9, 2F, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, E0, F2, 1C, 13, E8, E3, 6E, F7, FF, 33, C0, 55, 68, 72, 18, 1D, 13, 64, FF, 30, 64, 89, 20, E8, 44, B0, FF, FF, B2, 01, A1, 58, ED, 1C, 13, E8, FC, E4, FF, FF, A3, FC, 1B, 1E, 13, 33, C0, 55, 68, 22, 09, 1D, 13, 64, FF, 30, 64, 89, 20, 8D, 45, EC, E8, F5, BC, FF, FF, 8B, 55, EC, A1, 78, 4C, 1D, 13, E8, E4, 4B, F7, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 0A, E9, 35, 42, F7, FF, E8, 40, 46, F7, FF, 8D, 4D, E8, BA, 8C, 18, 1D, 13...
 

Entropy:
6.6438

Developed / compiled with:
Microsoft Visual C++

Code size:
577 KB (590,848 bytes)

The file s_rv_r.exe has been seen being distributed by the following URL.
