svr.exe

Microsoft Windows Operating System

Even Balance, Inc.

The file properties name 'Microsoft Corporation' as the developer, but this is not the case: the file is designed to look like a legitimate Microsoft system file. The executable svr.exe has been detected as malware by 30 anti-virus scanners.
Publisher:
Microsoft Corporation  (signed by Even Balance, Inc.)

Product:
Microsoft® Windows® Operating System

Version:
4.12.7

MD5:
2feb0f6a386a0604269fa6507d50cb4f

SHA-1:
409c9e2f241a56ef682edaeb31796408fc785ec2

SHA-256:
34b18566f61c830ba6abf08eb6dbf9b4dcd606fc7433ded68800da85f725dd75

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
4/25/2024 5:55:31 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.3785188 | -35 |
| AegisLab AV Signature | Troj.W32.Generic!c | 2.1.4+ |
| Avira AntiVirus | TR/Dropper.MSIL.nykuc | 8.3.3.4 |
| Arcabit | Trojan.Generic.D39C1E4 | 1.0.0.793 |
| avast! | Win32:Malware-gen | 2014.9-170311 |
| AVG | MSIL10 | 2018.0.2443 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.16070401.9500 | 4.0.3.17311 |
| Bitdefender | Trojan.GenericKD.3785188 | 1.0.20.350 |
| Dr.Web | Trojan.PWS.Spy.19759 | 9.0.1.070 |
| Emsisoft Anti-Malware | Trojan.GenericKD.3785188 | 8.17.03.11.05 |
| ESET NOD32 | MSIL/Injector.QII (variant) | 11.14809 |
| Fortinet FortiGate | MSIL/Injector.QII!tr | 3/11/2017 |
| F-Prot | W32/MSIL_Injector.DX.gen | v6.4.7.1.166 |
| F-Secure | Trojan.GenericKD.3785188 | 11.2017-11-03_7 |
| G Data | Trojan.GenericKD.3785188 | 17.3.25 |
| IKARUS anti.virus | Trojan.MSIL.Injector | 0.1.3.4 |
| K7 AntiVirus | Trojan | 13.248.22174 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-1291 |
| Malwarebytes | Trojan.Crypt | v2017.03.11.05 |
| McAfee | Packed-HN!2FEB0F6A386A | 5600.6099 |
| Microsoft Security Essentials | Worm:Win32/Rebhip | 1.1.13407.0 |
| MicroWorld eScan | Trojan.GenericKD.3785188 | 18.0.0.210 |
| NANO AntiVirus | Trojan.Win32.Recam.egzprk | 1.0.70.14475 |
| Panda Antivirus | Trj/CI.A | 17.03.11.05 |
| Quick Heal | Worm.Rebhip | 3.17.14.00 |
| Rising Antivirus | Trojan.Injector!8.C4-Yi9knO66rHU (cloud) | 23.00.65.17309 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R01BC0DL116 | 7.2.70 |
| Trend Micro | TROJ_GEN.R01BC0DL116 | 10.465.11 |
| VIPRE Antivirus | Trojan.Win32.Generic | 55414 |

File size:
590.4 KB (604,520 bytes)

Product version:
4.12.7

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
svr.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\svr.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/16/2013 4:00:00 PM

Valid to:
2/16/2014 3:59:59 PM

Subject:
CN="Even Balance, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Even Balance, Inc.", L=Magnolia, S=Texas, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1C9525FC3BBEFAEE68FA17CE8CBADCA5

File PE Metadata
Compilation timestamp:
11/28/2016 3:31:08 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x88C3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
6.3075

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
540 KB (552,960 bytes)

InstalledComponents
Name:
{O6D1QD23-S2H5-468M-DSY7-LRW4D2O53EP0}

