server.exe

The executable server.exe has been detected as malware by 34 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘0b0f9e2c4fb35b7d9179b974e9ee2420’. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other malicious software, and to steal sensitive information.
MD5:
34b5946d6a9b2e8207a48c4ae79b7396

SHA-1:
ac064276f5e425697b94fde133a3b8c2d1eab0e0

SHA-256:
cbd07a6aabca924a84d2aacabe51e2d2f9f3b21212a6d56ae759a84bf32263ea

Scanner detections:
34 / 68

Status:
Malware

Analysis date:
4/26/2024 8:32:06 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKDZ.24293 | 920
Agnitum Outpost | Trojan.Agent | 7.1.1
AhnLab V3 Security | Backdoor/Win32.Bladabindi | 2014.08.20
Avira AntiVirus | TR/Dropper.Gen7 | 7.11.168.26
avast! | MSIL:GenMalicious-AV [Trj] | 2014.9-140729
AVG | BackDoor.Generic18 | 2015.0.3398
Bitdefender | Trojan.GenericKDZ.24293 | 1.0.20.1050
Bkav FE | W32.KryptikYakesC.Trojan | 1.3.0.4959
Comodo Security | Backdoor.MSIL.Bladabindi.A | 19248
Dr.Web | BackDoor.Bladabindi.1056 | 9.0.1.0210
Emsisoft Anti-Malware | Trojan.GenericKDZ.24293 | 8.14.07.29.09
ESET NOD32 | MSIL/Bladabindi.BH | 8.10280
Fortinet FortiGate | MSIL/Bladabindi.Q!tr | 7/29/2014
F-Prot | W32/MSIL_Bladabindi.G.gen | v6.4.7.1.166
F-Secure | Trojan.GenericKDZ.24293 | 11.2014-29-07_3
G Data | Trojan.GenericKDZ.24293 | 14.7.24
IKARUS anti.virus | Backdoor.MSIL | t3scan.1.7.5.0
K7 AntiVirus | Trojan | 13.183.13098
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3485
Malwarebytes | Backdoor.Bot | v2014.07.29.09
McAfee | BackDoor-FBIB!6C6E42DEA368 | 5600.7054
Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AJ | 1.10903
MicroWorld eScan | Trojan.GenericKDZ.24293 | 15.0.0.630
NANO AntiVirus | Trojan.Win32.DownLoader10.cvaozm | 0.28.2.61721
Norman | Bladabindi.JQ | 11.20140910
nProtect | Trojan/W32.Agent.24064.UI | 14.08.19.01
Quick Heal | Backdoor.Bladabindi.AL3 | 9.14.14.00
Sophos | Troj/DotNet-P | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Bladabindi | 10453
Total Defense | Win32/DotNetDl.A!generic | 37.0.11130
Trend Micro House Call | BKDR_BLBINDI.SMN | 7.2.210
Trend Micro | BKDR_BLBINDI.SMN | 10.465.29
Vba32 AntiVirus | Trojan.MSIL.Disfa | 3.12.26.3
VIPRE Antivirus | Backdoor.MSIL.Bladabindi.a | 32358

File size:
22.5 KB (23,040 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\server.exe

File PE Metadata
Compilation timestamp:
7/30/2014 1:44:23 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:PMQ+SAN7uprgvM5OSUswZXg69gbm4hfpFmRvR6JZlbw8hqIusZzZvgv:bOaxVULRpcnu1

Entry address:
0x748E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.4412

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
21.5 KB (22,016 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
0b0f9e2c4fb35b7d9179b974e9ee2420

Command:
"C:\users\{user}\appdata\local\temp\server.exe"

Remove server.exe - Powered by Reason Core Security