» SQLBROWSER.EXE
Overview
Analysis
File Details
Behaviors (1)

SQLBROWSER.EXE

Microsoft SQL Server

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The executable SQLBROWSER.EXE, “SQL Browser Service EXE” has been detected as malware by 2 anti-virus scanners. It runs as a separate (within the context of its own process) windows Service named “SQL Server Browser”.

File name:

SQLBROWSER.EXE

Publisher:

Microsoft Corporation* (Invalid match)

Product:

Microsoft SQL Server

Description:

SQL Browser Service EXE

Version:

2005.090.5000.00

MD5:

bf83d7f2fa50574f421bb3347755e5d6

SHA-1:

cf8ae1cc49107f3fa5e274bed2a6aa3c944bc46b

SHA-256:

41dbde6e643f199233a7aeb4a51d43c2f639ef2d66aa785c1d3162cd3dbb7845

Scanner detections:

2 / 68

Status:

Malware

Analysis date:

4/28/2024 8:00:21 PM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/Floxif.H virus

6.3.12010.0

F-Prot

W32/Floxif.B

4.6.5.141

File size:

309.8 KB (317,223 bytes)

Product version:

9.00.5000.00

Trademarks:

Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation

Original file name:

SQLBROWSER.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\microsoft sql server\90\shared\sqlbrowser.exe

File PE Metadata

Compilation timestamp:

12/11/2010 1:40:52 AM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

Entry address:

0x31976

Entry point:

E9, 63, F2, FD, FF, E9, 33, FD, FF, FF, CC, CC, CC, CC, CC, CC, FF, 25, 84, 12, 00, 01, CC, CC, CC, CC, CC, CC, FF, 25, 80, 12, 00, 01, CC, CC, CC, CC, CC, CC, FF, 25, 7C, 12, 00, 01, CC, CC, CC, CC, CC, CC, FF, 25, 78, 12, 00, 01, CC, CC, CC, CC, CC, CC, FF, 25, 74, 12, 00, 01, CC, CC, CC, CC, CC, CC, FF, 25, 70, 12, 00, 01, CC, CC, CC, CC, CC, CC, FF, 25, 6C, 12, 00, 01, CC, CC, CC, CC, CC, CC, FF, 25, 48, 12, 00, 01, CC, CC, CC, CC, CC, CC, FF, 25, 44, 12, 00, 01, CC, CC, CC, CC, CC, CC, FF, 25, 40, 12... 
[+]

Entropy:

5.6251

Packer / compiler:

Xtreme-Protector v1.05

Code size:

222.5 KB (227,840 bytes)

Service

Display name:

SQL Server Browser

Service name:

SQLBrowser

Description:

Provides SQL Server connection information to client computers.

Type:

Win32OwnProcess

Remove SQLBROWSER.EXE - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.