server.exe

The executable server.exe has been detected as malware by 35 anti-virus scanners. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘228adf35f324aa3a657d51387681b643’. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other forms of malicious software, and to steal your sensitive information.
MD5:
4995caa01c9afd494e54e323f2558f40

SHA-1:
4470c589231020cb01ae1d812f33e38f29f11b7f

SHA-256:
927363298cb8ed41f58de53d94f2086a1b1dbf748faf710d53078c2cb700d7e6

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
4/23/2024 9:28:35 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKDZ.24293 | 918
Agnitum Outpost | Trojan.Agent | 7.1.1
AhnLab V3 Security | Backdoor/Win32.Bladabindi | 14.07.31
Avira AntiVirus | TR/Dropper.Gen7 | 7.11.151.162
avast! | MSIL:Agent-BKA [Trj] | 2014.9-140731
AVG | BackDoor.Generic18 | 2015.0.3396
Baidu Antivirus | Trojan.MSIL.Bladabindi | 4.0.3.14731
Bitdefender | Trojan.GenericKDZ.24293 | 1.0.20.1060
Comodo Security | Backdoor.MSIL.Bladabindi.A | 18333
Dr.Web | Trojan.DownLoader10.63222 | 9.0.1.0212
Emsisoft Anti-Malware | Trojan.GenericKDZ.24293 | 8.14.07.31.05
ESET NOD32 | MSIL/Bladabindi.BH (variant) | 8.9852
Fortinet FortiGate | MSIL/Bladabindi.Q!tr | 7/31/2014
F-Prot | W32/MSIL_Bladabindi.G.gen | v6.4.7.1.166
F-Secure | Trojan.GenericKDZ.24293 | 11.2014-31-07_5
G Data | Trojan.GenericKDZ.24293 | 14.7.24
IKARUS anti.virus | Backdoor.MSIL | t3scan.1.6.1.0
K7 AntiVirus | Trojan | 13.178.12203
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3476
Malwarebytes | Trojan.MSIL | v2014.07.31.05
McAfee | BackDoor-FBIB!098930313F5B | 5600.7052
Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AJ | 1.10600
MicroWorld eScan | Trojan.GenericKDZ.24293 | 15.0.0.636
NANO AntiVirus | Trojan.Win32.DownLoader11.cxfbrl | 0.28.0.59921
Norman | Bladabindi.JQ | 11.20140731
nProtect | Trojan.GenericKDZ.24293 | 14.05.26.01
Qihoo 360 Security | Malware.QVM03.Gen | 1.0.0.1015
Sophos | Troj/DotNet-P | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Bladabindi | 10450
Total Defense | Win32/DotNetDl.A!generic | 37.0.10961
Trend Micro House Call | BKDR_BLBINDI.SMN | 7.2.212
Trend Micro | BKDR_BLBINDI.SMN | 10.465.31
Vba32 AntiVirus | Trojan.MSIL.Disfa | 3.12.26.0
VIPRE Antivirus | Backdoor.MSIL.Bladabindi.a | 29636
Zillya! Antivirus | Trojan.Disfa.Win32.10634 | 2.0.0.1801

File size:
25.5 KB (26,112 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\server.exe

File PE Metadata
Compilation timestamp:
7/7/2014 1:23:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:A8aY1ia0N/IH+WUiWiLcXyUTly2Rc87po6ngB8W+tqlf5mRvR6JZlbw8hqIusZzR:F1Re/E+WUiW6ci6NR7tZRpcnuf

Entry address:
0x74AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.5373

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
21.5 KB (22,016 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
228adf35f324aa3a657d51387681b643

Command:
"C:\users\{user}\appdata\local\temp\server.exe"..


Remove server.exe - Powered by Reason Core Security