» ServerManager.exe
Overview
Analysis
File Details
Behaviors (1)

ServerManager.exe

Hangzhou Shunwang Information Technology Co., Ltd

It runs as a separate (within the context of its own process) windows Service named “iCafe8 Information Server Manager Service”.

File name:

ServerManager.exe

Publisher:

Hangzhou Shunwang Information Technology Co., Ltd (signed and verified)

Product:

ServerManager.exe

Version:

2010, 12, 7, 1

MD5:

2144f1ac42858567f570fe559b480f71

SHA-1:

a20a0b37043d30844a5cb466bce6b0a71a781594

SHA-256:

3e9e32addb033174251f582d67d44def2b3df5b2ad7ca294d81948e85cbe0982

Scanner detections:

10 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/18/2024 6:56:18 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Trojan.FirewallBypass.sq1@am8iOFdj

508

Agnitum Outpost

Trojan.FirewallBypass

7.1.1

Bitdefender

Gen:Trojan.FirewallBypass.sq1@am8iOFdj

1.0.20.1290

Comodo Security

UnclassifiedMalware

20801

Emsisoft Anti-Malware

Gen:Trojan.FirewallBypass.sq1@am8iOFdj

8.15.09.15.01

G Data

Gen:Trojan.FirewallBypass.sq1@am8iOFdj

15.9.24

IKARUS anti.virus

Trojan.Win32.FirewallBypass

t3scan.1.8.6.0

McAfee

Artemis!2144F1AC4285

5600.6642

MicroWorld eScan

Gen:Trojan.FirewallBypass.sq1@am8iOFdj

16.0.0.774

ViRobot

Trojan.Win32.S.Agent.301136.A[h]

2014.3.20.0

File size:

294.1 KB (301,136 bytes)

Product version:

2, 0, 0, 1

Original file name:

ServerManager.exe

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, PRC)

Digital Signature

Signed by:

Hangzhou Shunwang Information Technology Co., Ltd

Authority:

GlobalSign nv-sa

Valid from:

6/26/2009 12:34:08 PM

Valid to:

6/27/2011 12:34:04 PM

Subject:

CN="Hangzhou Shunwang Information Technology Co., Ltd", OU="Hangzhou Shunwang Information Technology Co., Ltd", O="Hangzhou Shunwang Information Technology Co., Ltd", C=CN

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

010000000001221B4097E0

File PE Metadata

Compilation timestamp:

12/7/2010 11:26:02 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

9.0

CTPH (ssdeep):

3072:DMrBGYK4HhQ0dy2JSwffEG2FhL77q8CDv998mUxACDDcCddFWyUdQi9wlqdFOD4w:DYVBQOhTffEGGhL7o7dA1dyy88lqdZ

Entry address:

0x223C1

Entry point:

E8, D5, C6, 00, 00, E9, A4, FE, FF, FF, 6A, 0C, 68, E8, 3E, 44, 00, E8, 7D, 0F, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 44, C9, 44, 00, 77, 22, 6A, 04, E8, F6, B7, 00, 00, 59, 83, 65, FC, 00, 56, E8, 18, CF, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, 89, 0F, 00, 00, C3, 6A, 04, E8, F1, B6, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, D8, 90, 43, 00, 83, 3D, 5C, C8, 44, 00, 00, 75, 18, E8, 1C, 88, 00... 
[+]

Entropy:

6.4926

Code size:

224 KB (229,376 bytes)

Service

Display name:

iCafe8 Information Server Manager Service

Service name:

servermanager

Type:

Win32OwnProcess

Scan ServerManager.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.