server.exe

Emsisoft Anti-Malware

Emsisoft GmbH

The executable server.exe has been detected as malware by 31 anti-virus scanners.
Publisher: Emsisoft GmbH
Product: Emsisoft Anti-Malware
Description: Security Center
Version: 8.1.0.33
MD5: faf16e9916d18c7f3f962273cda44455
SHA-1: 7e6010e4467cf59ae556f701c155764e696f438a
SHA-256: 9a0e4eb84a0639ff9cacd1544a172cda4ba346ed540893674fbbe84e8129a042
Scanner detections: 31 / 68
Status: Malware
Analysis date: 4/26/2024 6:04:09 AM UTC

Scan engine                     Detection                        Engine version
Lavasoft Ad-Aware               Trojan.GenericKD.1591297         1017
Avira AntiVirus                 TR/Agent.cada.29844              7.11.136.204
avast!                          Win32:Malware-gen                2014.9-140423
AVG                             Generic10_c                      2015.0.3495
Baidu Antivirus                 Trojan.Win32.Generic             4.0.3.14423
Bitdefender                     Trojan.GenericKD.1591297         1.0.20.565
Bkav FE                         HW32.CDB                         1.3.0.4959
Comodo Security                 UnclassifiedMalware              17922
Dr.Web                          Trojan.MulDrop5.11920            9.0.1.0113
Emsisoft Anti-Malware           Trojan.GenericKD.1591297         8.14.04.23.09
ESET NOD32                      Win32/Injector.AVSA (variant)    8.9537
Fortinet FortiGate              W32/Injector.AVSA!tr             4/23/2014
F-Secure                        Trojan.GenericKD.1591297         11.2014-23-04_4
G Data                          Trojan.GenericKD.1591297         14.4.24
IKARUS anti.virus               Trojan.SuspectCRC                t3scan.2.2.29
K7 AntiVirus                    Trojan                           13.176.11436
Kaspersky                       HEUR:Trojan.Win32.Generic        14.0.0.3971
Malwarebytes                    Backdoor.Bot                     v2014.04.23.09
McAfee                          Artemis!FAF16E9916D1             5600.7151
Microsoft Security Essentials   Trojan:Win32/Napolar.A           1.10302
MicroWorld eScan                Trojan.GenericKD.1591297         15.0.0.339
Norman                          Troj_Generic.SVFXE               11.20140423
nProtect                        Trojan.GenericKD.1591297         14.03.13.01
Panda Antivirus                 Trj/CI.A                         14.04.23.09
Quick Heal                      Trojan.Injector.asd              4.14.12.00
Sophos                          Mal/Generic-S                    4.98
Trend Micro House Call          TROJ_GEN.F0C2C00C514             7.2.113
Trend Micro                     TROJ_GEN.F0C2C00C514             10.465.23
VIPRE Antivirus                 Packed.Win32.PePatch.a           27326
ViRobot                         Trojan.Win32.S.Agent.1589248.A   2011.4.7.4223
XVirus List                     Win32.Detected                   2.4.23

File size: 1.5 MB (1,589,248 bytes)
Product version: 8.1.0.0
Copyright: (C) 2003-2013 Emsisoft GmbH
Original file name: a2start.exe
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\8c32c0fa\server.exe

File PE Metadata
Compilation timestamp: 1/17/2014 6:42:46 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 83.82
CTPH (ssdeep): 24576:vKd53KtzYlLNbOt30uJWwQ8/anQp73xGPh2sVk6FLUAC8JUvE1555rviidLskc19:STiL3VFWxklTYwIomqZr3dVy//at
Entry address: 0xCF000
Entry point: 60, E8, 00, 00, 00, 00, 5D, 50, 51, 0F, CA, F7, D2, 9C, F7, D2, 0F, CA, EB, 0F, B9, EB, 0F, B8, EB, 07, B9, EB, 0F, 90, EB, 08, FD, EB, 0B, F2, EB, F5, EB, F6, F2, EB, 08, FD, EB, E9, F3, EB, E4, FC, E9, 9D, 0F, C9, 8B, CA, F7, D1, 59, 58, 50, 51, 0F, CA, F7, D2, 9C, F7, D2, 0F, CA, EB, 0F, B9, EB, 0F, B8, EB, 07, B9, EB, 0F, 90, EB, 08, FD, EB, 0B, F2, EB, F5, EB, F6, F2, EB, 08, FD, EB, E9, F3, EB, E4, FC, E9, 9D, 0F, C9, 8B, CA, F7, D1, 59, 58, 50, 51, 0F, CA, F7, D2, 9C, F7, D2, 0F, CA, EB, 0F, B9, EB...
 

Entropy: 7.8554
Packer / compiler: ASPack v1.08.04
Code size: 708 KB (724,992 bytes)
