server.exe

The executable server.exe has been detected as malware by 38 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘5206ee60c2e852457ced3f837294a948’. This backdoor trojan may be used to conduct distributed denial of service attacks, to install additional trojans or other forms of malicious software, and to steal sensitive information.
MD5:
5d4974cf4c668629fb2ef575012a8423

SHA-1:
320012a438bc8c0b0759fc92be83025713aaf731

SHA-256:
961833122ad2f312541283cc78718a6f9d4d96c928e6d2f1ed9957da65c8e18e

Scanner detections:
38 / 68

Status:
Malware

Analysis date:
4/20/2024 2:19:57 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKDZ.24293 | 868
Agnitum Outpost | Trojan.Agent | 7.1.1
AhnLab V3 Security | Backdoor/Win32.Bladabindi | 14.09.19
Avira AntiVirus | TR/Dropper.Gen7 | 7.11.149.108
avast! | MSIL:Agent-BKA [Trj] | 2014.9-140919
AVG | BackDoor.Generic18 | 2015.0.3346
Bitdefender | Trojan.GenericKDZ.24293 | 1.0.20.1310
Bkav FE | W32.FipaletAAK.Trojan | 1.3.0.4959
Comodo Security | Backdoor.MSIL.Bladabindi.A | 18265
Dr.Web | BackDoor.Bladabindi.1056 | 9.0.1.05190
Emsisoft Anti-Malware | Trojan.GenericKDZ.24293 | 8.14.09.19.06
ESET NOD32 | MSIL/Bladabindi.BH (variant) | 8.9794
Fortinet FortiGate | MSIL/Bladabindi.Q!tr | 9/19/2014
F-Prot | W32/MSIL_Bladabindi.G.gen | v6.4.7.1.166
F-Secure | Trojan.GenericKDZ.24293 | 11.2014-19-09_6
G Data | Trojan.GenericKDZ.24293 | 14.9.24
IKARUS anti.virus | Backdoor.MSIL | t3scan.1.6.1.0
K7 AntiVirus | Trojan | 13.177.12067
Kaspersky | Trojan.MSIL.Disfa | 14.0.0.3226
Malwarebytes | Trojan.MSIL | v2014.09.19.07
McAfee | BackDoor-FBIB!3D8E7C825BDE | 5600.7002
Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AJ | 1.10502
MicroWorld eScan | Trojan.GenericKDZ.24293 | 15.0.0.786
NANO AntiVirus | Trojan.Win32.DownLoader11.cxfbrl | 0.28.0.59826
Norman | Bladabindi.JQ | 11.20140919
nProtect | Trojan/W32.Agent.24064.TS | 14.05.13.01
Panda Antivirus | Generic Malware | 14.11.29.11
Qihoo 360 Security | Malware.QVM03.Gen | 1.0.0.1015
Quick Heal | Backdoor.Bladabindi.AL3 | 9.14.14.00
Rising Antivirus | PE:Backdoor.MSIL.Bladabindi!1.9E49 | 23.00.65.141127
Sophos | Troj/DotNet-P | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Bladabindi | 10349
Total Defense | Win32/DotNetDl.A!generic | 37.0.10933
Trend Micro House Call | BKDR_BLBINDI.SMN | 7.2.262
Trend Micro | BKDR_BLBINDI.SMN | 10.465.19
Vba32 AntiVirus | Trojan.MSIL.Disfa | 3.12.26.0
VIPRE Antivirus | Backdoor.MSIL.Bladabindi.a | 29166
Zillya! Antivirus | Trojan.Disfa.Win32.10565 | 2.0.0.1786

File size:
23.5 KB (24,064 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\server.exe

File PE Metadata
Compilation timestamp:
7/12/2011 1:41:23 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:FcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZ6W:G30py6vhxaRpcnue

Entry address:
0x747E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.5221

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
21.5 KB (22,016 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
5206ee60c2e852457ced3f837294a948

Command:
"C:\users\{user}\appdata\local\temp\server.exe"..

Remove server.exe - Powered by Reason Core Security