SHA256: 70da209712f8fd513df6e76100c861fc714e60f8e477db82de76767d27612d5d
File name: Server
Detection ratio: 40 / 53
Analysis date: 2015-12-30 22:21:03 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Generic.Malware.SFdld.5E631F1F 20151224
Yandex Trojan.Agent!3vZEZpnlU/Q 20151230
AhnLab-V3 Trojan/Win32.StartPage 20151230
Antiy-AVL Trojan/Win32.Agent.neshqu 20151230
Arcabit Generic.Malware.SFdld.5E631F1F 20151230
Avast Win32:MrBlack-A [Trj] 20151230
AVG Agent5.AEDG 20151230
Avira (no cloud) TR/Downloader.A.31664 20151230
AVware Trojan.Win32.Generic.pak!cobra 20151230
BitDefender Generic.Malware.SFdld.5E631F1F 20151230
CAT-QuickHeal Trojan.Servstart.016905 20151230
Comodo UnclassifiedMalware 20151230
Cyren W32/Downloader.EGKQ-2141 20151230
DrWeb Trojan.Mrblack.1 20151230
Emsisoft Generic.Malware.SFdld.5E631F1F (B) 20151230
ESET-NOD32 a variant of Win32/Agent.RHH 20151230
F-Secure Generic.Malware.SFdld.5E631F1F 20151230
Fortinet W32/Generic.AC.11653 20151230
GData Generic.Malware.SFdld.5E631F1F 20151230
Ikarus Trojan.Win32.ServStart 20151230
Jiangmin Trojan/Agent.insn 20151230
K7AntiVirus Trojan ( 0040f8a91 ) 20151230
K7GW Trojan ( 0040f8a91 ) 20151230
Kaspersky Trojan.Win32.Agent.neshqu 20151230
Malwarebytes Backdoor.Bot 20151230
McAfee GenericR-DZQ!612573B954FB 20151230
McAfee-GW-Edition GenericR-DZQ!612573B954FB 20151230
Microsoft Trojan:Win32/ServStart.H 20151230
eScan Generic.Malware.SFdld.5E631F1F 20151230
NANO-Antivirus Trojan.Win32.Agent.dtqsee 20151230
Panda Trj/Genetic.gen 20151230
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20151230
Sophos Mal/Generic-S 20151230
Symantec Downloader 20151230
TheHacker Trojan/Agent.rhh 20151230
TrendMicro WORM_NITOL.SMB0 20151230
TrendMicro-HouseCall WORM_NITOL.SMB0 20151230
VBA32 Trojan.Agent 20151230
VIPRE Trojan.Win32.Generic.pak!cobra 20151230
Zillya Trojan.Agent.Win32.555236 20151230
AegisLab 20151230
Alibaba 20151208
Baidu-International 20151230
Bkav 20151230
ByteHero 20151230
ClamAV 20151230
CMC 20151230
F-Prot 20151230
nProtect 20151230
SUPERAntiSpyware 20151230
TotalDefense 20151230
ViRobot 20151230
Zoner 20151230
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ????(C) 2015
Product ???? Server
Original name Server.dat
Internal name Server
File version 1, 0, 0, 1
Description Server
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-04 14:55:08
Entry Point 0x00003D8C
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
GetLastError
GetSystemInfo
WaitForSingleObject
CopyFileA
ExitProcess
LoadLibraryA
GetModuleFileNameA
GetCurrentProcess
GetCurrentProcessId
DeleteFileA
GetProcAddress
CreateMutexA
GetTempPathA
CreateThread
GetModuleHandleA
GetStartupInfoA
CloseHandle
ExitThread
MoveFileA
CreateProcessA
Sleep
GetTickCount
__p__fmode
rand
_ftol
memset
strcat
__dllonexit
printf
strlen
_except_handler3
??2@YAPAXI@Z
_onexit
_strrev
exit
_XcptFilter
__setusermatherr
_controlfp
localtime
_adjust_fdiv
_acmdln
__p__commode
??3@YAXPAX@Z
free
sprintf
atoi
__getmainargs
_initterm
strstr
memcpy
strcpy
time
_exit
__set_app_type
wsprintfA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
setsockopt
WSASocketA
htonl
socket
__WSAFDIsSet
recv
inet_addr
send
WSAStartup
gethostbyname
connect
sendto
htons
closesocket
select
GetIfTable
Number of PE resources by type
RT_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 3
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 7168
EntryPoint 0x3d8c
OriginalFileName Server.dat
MIMEType application/octet-stream
LegalCopyright (C) 2015
FileVersion 1, 0, 0, 1
TimeStamp 2015:07:04 15:55:08+01:00
FileType Win32 EXE
PEType PE32
InternalName Server
ProductVersion 1, 0, 0, 1
FileDescription Server
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 12288
ProductName Server
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 612573b954fbc208f7fb49a4c4b8a9e6
SHA1 33cc7cf62efc887f32b6aabac46519826e561674
SHA256 70da209712f8fd513df6e76100c861fc714e60f8e477db82de76767d27612d5d
ssdeep 384:krKHsC+tvOujtfIoe1D7xIOTrJM0+Q7nWTT15xXMo6O9OOuK+0vs:xsquy37xIO9+QKN5xXVC
authentihash a4011d5586025c6aefb9d63b75fc00b1032cd756312db7a552e0a1cece7587f4
imphash 960eab4960b983e0253ed8ee60fd0dc0
File size 20.0 KB ( 20480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-12-30 22:21:03 UTC ( 1 year, 5 months ago )
Last submission 2015-12-30 22:21:03 UTC ( 1 year, 5 months ago )
File names replace.exe
Server.dat
Server
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Moved files
Deleted files
Created processes
Created mutexes
Opened service managers
Opened services
Runtime DLLs
DNS requests
TCP connections
UDP communications