server.exe

The executable server.exe has been detected as malware by 29 anti-virus scanners.
MD5:
1b9e2b6b8eb6dab110b4e7b0bf87ef5d

SHA-1:
b5a257fcfd767230ff40b4d16090a36df8545ae6

SHA-256:
ebfb10cb6bf39c74746026adb4079415bc2c6c1acbfd5c4d84d60ad943ad87d5

Scanner detections:
29 / 68

Status:
Malware

Explanation:
The software contains keystroke monitoring/logging capabilities which may or may not be installed without the user's knowledge.

Analysis date:
4/19/2024 5:53:52 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Keylogger.Delf.AO | 896 |
| AhnLab V3 Security | Backdoor/Win32.Trojan | 2014.08.23 |
| Avira AntiVirus | TR/ATRAPS.Gen | 7.11.30.172 |
| avast! | Win32:Turkojan-DL [Trj] | 140813-1 |
| AVG | Trojan horse BackDoor.Generic17.AZHS | 2014.0.3986 |
| Bitdefender | Trojan.Keylogger.Delf.AO | 1.0.20.1170 |
| Bkav FE | W32.CamiteI.Trojan | 1.3.0.4959 |
| Clam AntiVirus | Win.Trojan.Keylogger-3486 | 0.98/19300 |
| Dr.Web | BackDoor.SchwarzeSonne.3 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Trojan.Keylogger.Delf.AO | 8.14.08.22.06 |
| ESET NOD32 | Win32/SchwarzeSonne.AW trojan | 7.0.302.0 |
| Fortinet FortiGate | W32/SchwarzeSonne.B!tr | 8/22/2014 |
| F-Secure | Trojan.Keylogger.Delf.AO | 11.2014-22-08_6 |
| G Data | Trojan.Keylogger.Delf.AO | 14.8.24 |
| IKARUS anti.virus | Trojan.Agent | t3scan.1.7.5.0 |
| K7 AntiVirus | Trojan | 13.183.13139 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3366 |
| Malwarebytes | Trojan.Backdoor.DF | v2014.08.22.06 |
| Microsoft Security Essentials | Threat.Undefined | 1.181.345.0 |
| MicroWorld eScan | Trojan.Keylogger.Delf.AO | 15.0.0.702 |
| NANO AntiVirus | Trojan.Win32.SchwarzeSonne.cqjoyz | 0.28.2.61721 |
| nProtect | Trojan/W32.Agent.671744.LB | 14.08.22.01 |
| Panda Antivirus | Generic Malware | 14.08.22.06 |
| Rising Antivirus | PE:Trojan.Win32.Generic.15A06691!362833553 | 23.00.65.14820 |
| Sophos | Mal/Behav-010 | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Keylogger | 10405 |
| Vba32 AntiVirus | BScope.Trojan-PSW.Game.7 | 3.12.26.3 |
| VIPRE Antivirus | Threat.4726248 | 32210 |
| Zillya! Antivirus | Trojan.SchwarzeSonne.Win32.291 | 2.0.0.1899 |

File size:
656 KB (671,744 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
8/18/2013 5:30:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:sssDmbGPamQ0V8cyJz76bRUwZXsU8FYT6FkvkzI8W8CeJTDR8Q9WkAA:7iEG80V8cyx76bRUwZieT6FkvOl7NH9B

Entry address:
0x92AF0

Entry point:
55, 8B, EC, 83, C4, F0, 53, 56, B8, 98, 0E, 49, 00, E8, C6, 4C, F7, FF, BE, 40, B8, 49, 00, BB, 08, BA, 49, 00, 33, C0, 55, 68, D9, 2D, 49, 00, 64, FF, 30, 64, 89, 20, B2, 01, A1, 28, C9, 47, 00, E8, 2A, 19, F7, FF, 89, 03, 68, D0, 07, 00, 00, E8, 0E, C0, F7, FF, B8, 04, BA, 49, 00, E8, A0, 7D, FF, FF, 84, C0, 0F, 84, E9, 01, 00, 00, BA, 70, B8, 49, 00, B9, 64, 00, 00, 00, A1, 04, BA, 49, 00, E8, 14, 83, FF, FF, A1, 70, B8, 49, 00, E8, BE, DF, FF, FF, A1, 74, B8, 49, 00, E8, 80, BF, FE, FF, A3, 70, 57, 49...
 

Entropy:
6.6326

Developed / compiled with:
Microsoft Visual C++

Code size:
580.5 KB (594,432 bytes)
