server.exe

The executable server.exe has been detected as malware by 31 of 68 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the display name ‘{083D29FC-EC3A-2871-97A8-263DFA53F761}’.
Publisher:
cvCKenomrP

Product:
bpAUiVIiFE

Version:
0.04.0007

MD5:
c0da5ef80f1fe6795c0bced7e1dcff12

SHA-1:
5fc12e2a50deaa03154c17da61162f4d5f25693f

SHA-256:
c735782d2e0cb47a35a9ef25ad1fd9e8b1fdfaa5fa80e84e417d9a6e6dae7176

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
4/19/2024 4:03:18 PM UTC

Scan engine                     Detection                            Engine version
Lavasoft Ad-Aware               Gen:Heur.ManBat.1                    647
Agnitum Outpost                 Worm.Rbot                            7.1.1
Avira AntiVirus                 TR/Dropper.Gen                       7.11.213.76
avast!                          Win32:VB-WWA [Trj]                   2014.9-150428
AVG                             Luhe.Malum.A                         2016.0.3125
Baidu Antivirus                 Trojan.Win32.Refroso                 4.0.3.15428
Bitdefender                     Gen:Heur.ManBat.1                    1.0.20.590
Clam AntiVirus                  Win.Trojan.Rbot-1945                 0.98/21511
Comodo Security                 UnclassifiedMalware                  21280
Dr.Web                          BackDoor.Bifrost.19762               9.0.1.0118
Emsisoft Anti-Malware           Gen:Heur.ManBat                      8.15.04.28.02
ESET NOD32                      Win32/Bifrose.NTA                    9.11263
Fortinet FortiGate              W32/Refroso.DZP!tr                   4/28/2015
F-Secure                        Gen:Heur.ManBat.1                    11.2015-28-04_3
G Data                          Gen:Heur.ManBat                      15.4.25
IKARUS anti.virus               Trojan.Win32.FakeAV                  t3scan.1.8.6.0
K7 AntiVirus                    Trojan                               13.200.15148
Kaspersky                       Trojan.Win32.Refroso                 14.0.0.2122
McAfee                          Artemis!C0DA5EF80F1F                 5600.6781
Microsoft Security Essentials   Backdoor:Win32/Bifrose.AE            1.1.11400.0
MicroWorld eScan                Gen:Heur.ManBat.1                    16.0.0.354
NANO AntiVirus                  Trojan.Win32.Rbot.bdjdph             0.30.0.296
Norman                          Inject.AGGA                          11.20150428
Qihoo 360 Security              HEUR/Malware.QVM03.Gen               1.0.0.1015
Sophos                          Mal/Generic-S                        4.98
Total Defense                   Win32/VBKrypt.BA!generic             37.0.11474
Trend Micro House Call          TROJ_GEN.R047C0DAG15                 7.2.118
Vba32 AntiVirus                 Malware-Cryptor.VB.gen.9             3.12.26.3
VIPRE Antivirus                 Trojan.Win32.Generic                 38092
ViRobot                         Backdoor.Win32.A.Rbot.1635435[h]     2014.3.20.0
Zillya! Antivirus               Backdoor.RBot.Win32.25883            2.0.0.2088

File size:
1.6 MB (1,635,435 bytes)

Product version:
0.04.0007

Copyright:
hHWOgi

Trademarks:
bDLXAT

Original file name:
FREE.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\bifrost\server.exe

File PE Metadata
Compilation timestamp:
5/25/2011 1:30:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:kN7TyTcfx7tQ9TSCPxn29LHCEu7N8OmObQXdETytm84gH+TVZ:+7+TWuxeOEuOXdETr84E+TP

Entry address:
0x72C4

Entry point:
68, B4, 82, 40, 00, E8, EE, FF, FF, FF, 00, 00, FF, CC, 31, 00, 03, C3, 93, AA, D6, 6C, 55, 8C, 4F, A1, A9, 87, E2, E4, 80, 8D, 04, CC, 85, 87, 62, F6, B1, 76, 4A, 9D, DB, ED, 1F, 80, DD, 3F, 02, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 43, 01, 00, 00, 5C, 00, 00, 00, 00, 04, 00, 61, 71, 75, 76, 00, 0D, 01, 1F, 00, 46, 52, 45, 45, 20, 44, 49...
Entropy:
5.8124

Code size:
1.5 MB (1,597,440 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
{083D29FC-EC3A-2871-97A8-263DFA53F761}

Command:
C:\users\{user}\appdata\roaming\bifrost\server.exe


Remove server.exe - Powered by Reason Core Security