» server.exe
Overview
Analysis
File Details

server.exe

The executable server.exe has been detected as malware by 42 anti-virus scanners.

File name:

server.exe

MD5:

22b144ad5b597fde1825b85e2db8c800

SHA-1:

126792313f220d937ae754e17fa2d16f1d0e7895

SHA-256:

54ca07d1c196afac470ae3e3d7144bbede5a3de48805ca1d83a94529fbf29195

Scanner detections:

42 / 68

Status:

Malware

Analysis date:

4/25/2024 7:12:01 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.3742646

833

AegisLab AV Signature

Troj.W32.Agentb

2.1.4+

Agnitum Outpost

Backdoor.SubSeven

7.1.1

AhnLab V3 Security

Win-Trojan/SubSeven.55808

2014.10.05

Avira AntiVirus

TR/Drop.Jun.c.1.1.A

7.11.176.150

avast!

Win32:SubSeven-CX [Trj]

2014.9-141025

AVG

BackDoor.Generic13

2015.0.3311

Baidu Antivirus

Backdoor.Win32.SubSeven

4.0.3.141025

Bitdefender

Trojan.Generic.3742646

1.0.20.1490

Bkav FE

W32.OnGameWPIUAAF.Trojan

1.3.0.4959

Clam AntiVirus

Trojan.SubSeven.22.D

0.98/21411

Comodo Security

Backdoor.Win32.SubSeven.2_2.A

19709

Emsisoft Anti-Malware

Trojan.Generic.3742646

8.14.10.25.09

ESET NOD32

Win32/SubSeven.2_2

8.10513

Fortinet FortiGate

W32/SubSeven.22.A!tr

10/25/2014

F-Prot

W32/Backdoor2.SNL

v6.4.7.1.166

F-Secure

Trojan.Generic.3742646

11.2014-25-10_7

G Data

Trojan.Generic.3742646

14.10.24

IKARUS anti.virus

Backdoor.Win32.SubSeven

t3scan.1.7.8.0

K7 AntiVirus

Backdoor

13.183.13584

Kaspersky

Backdoor.Win32.SubSeven

14.0.0.3048

Malwarebytes

Trojan.Backdoor

v2014.10.25.09

McAfee

BackDoor-Sub7.svr

5600.6967

Microsoft Security Essentials

Backdoor:Win32/Subseven.A

1.11005

MicroWorld eScan

Trojan.Generic.3742646

15.0.0.894

NANO AntiVirus

Trojan.Win32.SubSeven.dqcy

0.28.2.62440

Norman

SubSeven.2_2

11.20141025

nProtect

Backdoor/W32.SubSeven.55808

14.10.05.01

Panda Antivirus

Bck/Subseven.P

14.10.25.09

Qihoo 360 Security

Win32/Trojan.e99

1.0.0.1015

Quick Heal

Backdoor.SubSeven.22.n3

10.14.14.00

Reason Heuristics

Threat.Win.Reputation.IMP

14.12.2.12

Rising Antivirus

PE:Trojan.Win32.Generic.12A6B8F4!312916212

23.00.65.141023

Sophos

Troj/Sub7-2.2

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-Subseven

10278

Total Defense

Win32/SubSeven.AM

37.0.11209

Trend Micro House Call

BKDR_SUB7.22A

7.2.298

Trend Micro

BKDR_SUB7.22A

10.465.25

Vba32 AntiVirus

Backdoor.SubSeven

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Ircbot!cobra

33682

ViRobot

Backdoor.Win32.SubSeven.56574

2011.4.7.4223

Zillya! Antivirus

Backdoor.SubSeven.Win32.298

2.0.0.1943

File size:

54.5 KB (55,808 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\server.exe

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

768:baunOCSMjJ7JQBKVtpkpjcC+koezmO6OT4yd7ej8wgFLFrAPi/spm7XB8sXfLoow:bgCZucC+ne/6LyRa85FBcVpm7XqsPnw

Entry address:

0x29AA0

Entry point:

60, BE, 00, D0, 41, 00, 8D, BE, 00, 40, FE, FF, C7, 87, C0, 04, 02, 00, 70, 36, CA, CC, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB... 
[+]

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:

52 KB (53,248 bytes)

Remove server.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.