» server.exe
Overview
Analysis
File Details
Downloads (1)

server.exe

Aruba

The executable server.exe has been detected as malware by 17 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.msil.pw.

File name:

server.exe

Publisher:

028ad (signed by Aruba)

Product:

028ad

Version:

0.0.0.0

MD5:

4d63651df1361b21058338888271ebc6

SHA-1:

73007617554899c26e1388a8dc78f6e0e8e20224

SHA-256:

b011e431f8959f296b1d4d7509bcb0462fabce46a6c744e7f5b8cd87d6d2ae27

Scanner detections:

17 / 68

Status:

Malware

Analysis date:

5/29/2024 11:33:27 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKDZ.27589

602

AhnLab V3 Security

Trojan/Win32.MDA

2015.06.05

Avira AntiVirus

TR/Dropper.Gen

8.3.1.6

Arcabit

Trojan.Generic.D6BC5

1.0.0.425

avast!

Win32:Evo-gen [Susp]

2014.9-150613

AVG

MSIL7

2016.0.3080

Bitdefender

Trojan.GenericKDZ.27589

1.0.20.820

Dr.Web

Trojan.DownLoader12.52144

9.0.1.0164

Emsisoft Anti-Malware

Trojan.GenericKDZ.27589

8.15.06.13.08

ESET NOD32

MSIL/Injector.FPT (variant)

9.11737

F-Secure

Trojan.GenericKDZ.27589

11.2015-13-06_7

G Data

Trojan.GenericKDZ.27589

15.6.25

IKARUS anti.virus

Trojan.MSIL.Injector

t3scan.1.9.5.0

Malwarebytes

Trojan.MSIL

v2015.06.13.08

MicroWorld eScan

Trojan.GenericKDZ.27589

16.0.0.492

nProtect

Trojan.GenericKDZ.27589

15.06.04.01

Rising Antivirus

PE:Trojan.MSIL.Injector!1.9E1B

23.00.65.15611

File size:

226.8 KB (232,216 bytes)

Product version:

0.0.0.0

Original file name:

0709414001433471794.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\server.exe

Digital Signature

Signed by:

Aruba

Authority:

Aruba

Valid from:

5/2/2015 6:35:12 PM

Valid to:

5/1/2016 6:35:12 PM

Subject:

E=N@A.com, CN=www.cdcert.caked, OU=Aruba, L=Aruba, O=Aruba, S=American, C=aw

Issuer:

E=N@A.com, CN=www.cdcert.caked, OU=Aruba, L=Aruba, O=Aruba, S=American, C=aw

Serial number:

File PE Metadata

Compilation timestamp:

6/5/2015 4:39:45 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:625SzRrO35PCnLBtKN8h4euronWNtEdjTjSRk:f5SzRrO0nXKqqeur

Entry address:

0xE53E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

50 KB (51,200 bytes)

The file server.exe has been seen being distributed by the following URL.

http://www.msil.pw/panel/files/.../Server

Remove server.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.