servt.exe

The executable servt.exe has been detected as malware by 3 anti-virus scanners. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘df4a9d03ff7c534eef982ba5e3ab0edc’. While running, it connects to the Internet address 156-147-255-141.dynip.ipjetable.net on port 5552.
MD5:
0c87150431e487468da45ea802c82627

SHA-1:
db29cfd1663579f8ab928d1a4c6b7447f5fb93fd

SHA-256:
fe278de6e685a795920c4544feaec7cbb6a8d4d2a69eb33cd106339cfdf9f950

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/21/2025 12:30:24 PM UTC

Scan engine       Detection                    Engine version
Clam AntiVirus    Win.Trojan.B-468             0.98/22984
Dr.Web            BackDoor.Bladabindi.13678    9.0.1.05190
ESET NOD32        MSIL/Bladabindi.BC trojan    6.3.12010.0

File size:
23.5 KB (24,064 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\servt.exe

File PE Metadata
Compilation timestamp:
2/1/2017 6:32:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x747E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.5197

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
21.5 KB (22,016 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
df4a9d03ff7c534eef982ba5e3ab0edc

Command:
"C:\users\{user}\appdata\roaming\servt.exe"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to win15.securedc.com  (64.8.117.67:80)

TCP (HTTP):
Connects to host176.b5.trdns.com  (77.245.148.176:80)

TCP:
Connects to 67-144-255-141.dynip.ipjetable.net  (141.255.144.67:5552)

TCP:
Connects to 35-156-255-141.dynip.ipjetable.net  (141.255.156.35:5552)

TCP:
Connects to 156-147-255-141.dynip.ipjetable.net  (141.255.147.156:5552)

TCP:
Connects to 102-144-255-141.dynip.ipjetable.net  (141.255.144.102:5552)

Remove servt.exe - Powered by Reason Core Security