tempserverr.exe

#BURHAN HACKER

The executable tempserverr.exe has been detected as malware by 16 anti-virus scanners. While running, it connects to the Internet address a.tribalfusion.com on port 80 using the HTTP protocol.
Product:
#BURHAN HACKER

Description:
SERVER WEB PRO

Version:
1.0.0.0

MD5:
fc0814a830273a97f20b936574e62645

SHA-1:
7299a84602de6b4c22d2f9b6ec0fb9b15a4cd2e0

SHA-256:
0b3342372456962e31a8d7cc05d3e1a18e0eb667c14f782a69fdf4202e98f62c

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
4/20/2024 1:18:20 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.586573 | 311
AegisLab AV Signature | Troj.W32.Gen | 2.1.4+
AhnLab V3 Security | Backdoor/Win32.Bladabindi | 2016.03.19
Arcabit | Trojan.Kazy.D8F34D | 1.0.0.662
avast! | Win32:GenMaliciousA-KPM [Trj] | 2014.9-160330
Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.16330
Bitdefender | Gen:Variant.Kazy.586573 | 1.0.20.450
Emsisoft Anti-Malware | Gen:Variant.Kazy.586573 | 8.16.03.30.08
ESET NOD32 | MSIL/Injector.FSL (variant) | 10.13200
F-Secure | Gen:Variant.Kazy.586573 | 11.2016-30-03_4
G Data | Gen:Variant.Kazy.586573 | 16.3.25
K7 AntiVirus | Trojan | 13.218.19046
Malwarebytes | Backdoor.Bot | v2016.03.30.08
MicroWorld eScan | Gen:Variant.Kazy.586573 | 17.0.0.270
Qihoo 360 Security | HEUR/QVM03.0.0000.Malware.Gen | 1.0.0.1120
Rising Antivirus | MSIL:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16328

File size:
27.5 KB (28,160 bytes)

Product version:
1.0.0.0

Copyright:
COPYRIGHT © 2015 WOLF HACKER# ALL RIGHTS RESERVE

Original file name:
SERVER WEB PRO.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\tempserverr.exe

File PE Metadata
Compilation timestamp:
3/18/2016 10:36:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:eFRz7/7CfDPCEtjKUmOII2PLk2458YKOD/OW/db2sTWZp9woTk:eFxTGfDqwmrDwUs4T

Entry address:
0x540E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.7703

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
13.5 KB (13,824 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP: unallocated.barefruit.co.uk (92.242.140.2:5552)
TCP (HTTP): a.tribalfusion.com (204.11.109.66:80)
TCP (HTTP): tags.expo9.exponential.com (204.11.109.77:80)
TCP (HTTP SSL): ec2-54-88-144-196.compute-1.amazonaws.com (54.88.144.196:443)
TCP (HTTP): a72-247-95-24.deploy.akamaitechnologies.com (72.247.95.24:80)
TCP (HTTP SSL): a23-40-243-197.deploy.static.akamaitechnologies.com (23.40.243.197:443)
TCP (HTTP SSL): edge-atlas-shv-01-sjc2.facebook.com (31.13.77.2:443)
TCP (HTTP): a104-127-16-194.deploy.static.akamaitechnologies.com (104.127.16.194:80)

TCP (HTTP SSL): ec2-52-204-43-145.compute-1.amazonaws.com (52.204.43.145:443)

Remove tempserverr.exe - Powered by Reason Core Security