home

server.exe

The executable server.exe has been detected as malware by 38 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘9a991f711bbecc4fffc26db97467d4e3’.
MD5:
e4ca87a356f42681232ebf402cac17f7

SHA-1:
217daaf864abab4589e60a9a98c2578adf4cca71

SHA-256:
109f66b97dde65e8b04868ab27d893286530e24cb2757ed6704e6d6bd1cc6b3e

Scanner detections:
38 / 68

Status:
Malware

Analysis date:
4/25/2024 11:48:31 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Barys.10219
6435775

Agnitum Outpost
Trojan.Agent
7.1.1

AhnLab V3 Security
Backdoor/Win32.Bladabindi
2015.01.25

Avira AntiVirus
BDS/Bladabindi.dcrj
7.11.204.248

avast!
MSIL:GenMalicious-V [Trj]
150102-1

AVG
PSW.ILUSpy
2016.0.3219

Baidu Antivirus
Trojan.Win32.Generic
4.0.3.15125

Bitdefender
Gen:Variant.Barys.10219
1.0.20.125

Bkav FE
W32.AdonisC.Trojan
1.3.0.6379

Clam AntiVirus
Win.Backdoor.Bladabindi-1
0.98/19974

Comodo Security
Backdoor.MSIL.Bladabindi.A
20835

Dr.Web
BackDoor.Bladabindi.1056
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Barys.10219
9.0.0.4799

ESET NOD32
MSIL/Bladabindi.BC trojan
7.0.302.0

Fortinet FortiGate
MSIL/Bladabindi.SMC!tr
1/25/2015

F-Prot
W32/MSIL_Bladabindi.G.gen
v6.4.7.1.166

F-Secure
Gen:Variant.Barys.10219
5.13.68

G Data
Gen:Variant.Barys.10219
15.1.24

K7 AntiVirus
Trojan
13.192.14746

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.2589

Malwarebytes
Backdoor.Bladabindi.Gen
v2015.01.25.03

McAfee
BackDoor-NJRat!E4CA87A356F4
5600.6875

Microsoft Security Essentials
Threat.Undefined
1.191.3191.0

MicroWorld eScan
Gen:Variant.Barys.10219
16.0.0.75

NANO AntiVirus
Trojan.Win32.DownLoader11.cxfbrl
0.30.0.64812

Norman
Gen:Variant.Barys.10219
03.12.2014 13:20:04

nProtect
Trojan/W32.Agent.24064.TU
15.01.23.01

Panda Antivirus
Generic Malware
15.01.25.03

Qihoo 360 Security
Malware.QVM03.Gen
1.0.0.1015

Quick Heal
Backdoor.Bladabindi.AL3
1.15.14.00

Sophos
Virus 'Troj/DotNet-P'
5.09

SUPERAntiSpyware
Trojan.Agent/Gen-Bladabindi
10095

Total Defense
Win32/DotNetDl.A!generic
37.0.11402

Trend Micro House Call
BKDR_BLBINDI.SMN
7.2.25

Trend Micro
BKDR_BLBINDI.SMN
10.465.25

Vba32 AntiVirus
Backdoor.MSIL.Agent
3.12.26.3

VIPRE Antivirus
Threat.4799966
36694

Zillya! Antivirus
Trojan.Disfa.Win32.10564
2.0.0.2044

File size:
23.5 KB (24,064 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\server.exe

File PE Metadata
Compilation timestamp:
10/26/2014 8:20:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:P+n2650N3qZbATcjRGC5Eo9D46BgnqUhay1ZmRvR6JZlbw8hqIusZzZdj:om+71d5XRpcnuS

Entry address:
0x748E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
21.5 KB (22,016 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
9a991f711bbecc4fffc26db97467d4e3

Command:
"C:\users\{user}\appdata\local\temp\server.exe"..


Remove server.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.