server.exe

The executable server.exe has been detected as malware by 33 anti-virus scanners. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other malicious software, or to steal sensitive information. The file has been seen being downloaded from www.lhfm.ca.
MD5:
ced50dcd0af4e20db2da94ae21fc566b

SHA-1:
56af1216605d298674714b1b001a1433f140f30e

SHA-256:
7ea12e209bdb35b8c4f4364a5b773d65a2f098c1296e52fb2e2eaab54548ec1f

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
4/26/2024 11:58:14 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKDZ.24293 | 1013 |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| AhnLab V3 Security | Backdoor/Win32.Bladabindi | 14.04.28 |
| Avira AntiVirus | TR/Dropper.Gen7 | 7.11.145.160 |
| avast! | MSIL:Agent-BKA [Trj] | 2014.9-140428 |
| AVG | BackDoor.Generic18 | 2015.0.3491 |
| Bitdefender | Trojan.GenericKDZ.24293 | 1.0.20.590 |
| Bkav FE | W32.DropperBladabindiC.Trojan | 1.3.0.4959 |
| Comodo Security | Backdoor.MSIL.Bladabindi.A | 18180 |
| Dr.Web | Trojan.DownLoader10.63222 | 9.0.1.0118 |
| Emsisoft Anti-Malware | Trojan.GenericKDZ.24293 | 8.14.04.28.10 |
| ESET NOD32 | MSIL/Bladabindi.BH (variant) | 8.9731 |
| Fortinet FortiGate | MSIL/Bladabindi.Q!tr | 4/28/2014 |
| F-Secure | Trojan.GenericKDZ.24293 | 11.2014-28-04_2 |
| G Data | Trojan.GenericKDZ.24293 | 14.4.24 |
| IKARUS anti.virus | Backdoor.MSIL | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.176.11907 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3948 |
| Malwarebytes | Trojan.MSIL | v2014.04.28.10 |
| McAfee | BackDoor-FBIB!CED50DCD0AF4 | 5600.7147 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AJ | 1.10502 |
| MicroWorld eScan | Trojan.GenericKDZ.24293 | 15.0.0.354 |
| NANO AntiVirus | Trojan.Win32.DownLoader10.cwbhym | 0.28.0.59492 |
| Norman | Bladabindi.JQ | 11.20140428 |
| nProtect | Trojan.GenericKDZ.24293 | 14.04.27.01 |
| Qihoo 360 Security | Malware.QVM03.Gen | 1.0.0.1015 |
| Quick Heal | Backdoor.Bladabindi.AL3 | 4.14.14.00 |
| Rising Antivirus | PE:Backdoor.MSIL.Bladabindi!1.9E49 | 23.00.65.14426 |
| Sophos | Troj/DotNet-P | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Bladabindi | 10638 |
| Total Defense | Win32/DotNetDl.A!generic | 37.0.10904 |
| Vba32 AntiVirus | Trojan.MSIL.Disfa | 3.12.26.0 |
| VIPRE Antivirus | Backdoor.MSIL.Bladabindi.a | 28650 |

File size:
23.5 KB (24,064 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\server.exe

File PE Metadata
Compilation timestamp:
4/25/2014 9:03:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:wnY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZKzg:wwL2s+tRyRpcnuTc

Entry address:
0x747E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.5225

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
21.5 KB (22,016 bytes)

The file server.exe has been seen being distributed by the following URL.
