SHA256: f15985a91b12e015812f7f960eb0abe03d0cd401f54d0088f75cb087776a297c
File name: server.exe
Detection ratio: 61 / 65
Analysis date: 2017-09-25 04:12:05 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.AROC 20170924
AegisLab Troj.W32.Llac!c 20170924
AhnLab-V3 Trojan/Win32.Llac.R1845 20170923
ALYac Trojan.Agent.AROC 20170924
Antiy-AVL Trojan/Win32.Llac.cxsz 20170924
Arcabit Trojan.Agent.AROC 20170924
Avast Win32:BackDoor-ACX [Trj] 20170924
AVG Win32:BackDoor-ACX [Trj] 20170924
Avira (no cloud) WORM/Rebhip.A.9877 20170923
AVware Trojan.Win32.Llac.bdm (v) 20170923
Baidu Win32.Trojan.Agent.co 20170922
BitDefender Trojan.Agent.AROC 20170924
CAT-QuickHeal Worm.Rebhip.A8 20170923
ClamAV Win.Trojan.Agent-36200 20170924
CMC Trojan.Win32.Llac!O 20170920
Comodo Backdoor.Win32.Delf.~DF 20170924
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170925
Cyren W32/Llac.GERG-2270 20170924
DrWeb Win32.HLLW.Autoruner.25074 20170924
Emsisoft Trojan.Agent.AROC (B) 20170924
Endgame malicious (high confidence) 20170821
ESET-NOD32 Win32/Spatet.I 20170924
F-Prot W32/Llac.L 20170924
F-Secure Trojan.Agent.AROC 20170924
Fortinet W32/Spatet.TRR!tr 20170924
GData Win32.Worm.Autorun.A@gen 20170924
Ikarus Trojan.Win32.Llac 20170924
Sophos ML heuristic 20170914
Jiangmin Trojan/Generic.aiia 20170924
K7AntiVirus Trojan ( 004b89cf1 ) 20170924
K7GW Trojan ( 004b89cf1 ) 20170924
Kaspersky Trojan.Win32.Llac.kzfi 20170924
Malwarebytes Trojan.PasswordStealer 20170924
MAX malware (ai score=100) 20170924
McAfee Generic PWS.sz 20170924
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20170924
Microsoft Worm:Win32/Rebhip.A 20170924
eScan Trojan.Agent.AROC 20170924
NANO-Antivirus Trojan.Win32.Llac.dsnuug 20170924
nProtect Trojan/W32.Hijack.303616.B 20170924
Panda Generic Malware 20170924
Qihoo-360 Trojan.Win32.Inject.B 20170925
Rising Worm.Rebhip!1.A338 (CLASSIC) 20170924
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Behav-328 20170923
SUPERAntiSpyware Trojan.Agent/Gen-Rebhip 20170924
Symantec W32.Spyrat 20170923
Tencent Trojan.Win32.FakePic.st 20170925
TheHacker Trojan/Llac.scm 20170921
TotalDefense Win32/Llac.AA 20170924
TrendMicro TSPY_LLAC.SM 20170924
TrendMicro-HouseCall TSPY_LLAC.SM 20170924
VBA32 Trojan.Llac 20170922
VIPRE Trojan.Win32.Llac.bdm (v) 20170924
ViRobot Trojan.Win32.A.Llac.296448 20170924
Webroot Worm:Win32/Rebhip.A 20170925
Yandex Worm.DR.Rebhip.Gen 20170908
Zillya Trojan.Llac.Win32.1411 20170922
ZoneAlarm by Check Point Trojan.Win32.Llac.kzfi 20170924
Zoner Trojan.Spatet.I 20170924
Alibaba 20170911
Avast-Mobile 20170923
Kingsoft 20170925
Palo Alto Networks (Known Signatures) 20170925
Symantec Mobile Insight 20170922
Trustlook 20170925
WhiteArmor 20170829
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000E1A8
Number of sections 8
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegCreateKeyA
CryptHashData
ConvertSidToStringSidA
CryptCreateHash
LookupAccountNameA
OpenProcessToken
LsaClose
RegOpenKeyExA
LsaOpenPolicy
CryptReleaseContext
CryptAcquireContextA
IsValidSid
GetUserNameA
CryptDestroyHash
LsaRetrievePrivateData
LsaFreeMemory
CryptGetHashParam
RegSetValueExA
RegEnumValueA
CredEnumerateA
CryptUnprotectData
GetLastError
GetStdHandle
EnterCriticalSection
WriteProcessMemory
VirtualAllocEx
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetPrivateProfileIntA
FreeLibrary
CopyFileA
ExitProcess
GetThreadLocale
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
CreateRemoteThread
DeleteCriticalSection
GetStartupInfoA
SizeofResource
GetPrivateProfileStringA
GetLocaleInfoA
LocalAlloc
OpenProcess
LockResource
CreateDirectoryA
DeleteFileA
UnhandledExceptionFilter
MultiByteToWideChar
ReadProcessMemory
GetCommandLineA
GetProcAddress
CreateMutexA
SetFilePointer
RaiseException
CloseHandle
WideCharToMultiByte
GetFileAttributesA
GetModuleHandleA
ReadFile
WriteFile
GetCurrentProcess
FindFirstFileA
GetExitCodeThread
GetCurrentThreadId
FreeResource
SetFileAttributesA
LocalFree
CreateProcessA
InitializeCriticalSection
LoadResource
VirtualFree
FindClose
TlsGetValue
Sleep
TlsSetValue
CreateFileA
GetTickCount
GetVersion
FindResourceA
VirtualAlloc
GetFileSize
LeaveCriticalSection
CoTaskMemFree
CoCreateInstance
OleInitialize
StringFromCLSID
SysReAllocStringLen
SysFreeString
SysAllocStringLen
PStoreCreateInstance
RasGetEntryDialParamsA
RasEnumEntriesA
SHGetSpecialFolderPathA
GetWindowThreadProcessId
CharLowerA
PeekMessageA
GetKeyboardState
SetWindowsHookExA
DispatchMessageA
CharNextA
MessageBoxA
ToAscii
wvsprintfA
TranslateMessage
FindWindowA
CharUpperA
GetKeyboardType
Number of PE resources by type
RT_ICON 3
RT_RCDATA 3
RT_GROUP_ICON 2
Number of PE resources by language
NEUTRAL 8
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 55808
LinkerVersion 2.25
EntryPoint 0xe1a8
InitializedDataSize 246784
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 527e63dfeb620953457b3a59706ad411
SHA1 cfd26988d55294870f2676117cf1307ca4acdf8d
SHA256 f15985a91b12e015812f7f960eb0abe03d0cd401f54d0088f75cb087776a297c
ssdeep 6144:/OpslFlqyhdBCkWYxuukP1pjSKSNVkq/MVJbJ:/wslvTBd47GLRMTbJ
authentihash 40e00e2c45a3e215e50126e0573bedb5cad7d9bd8d1c74f6416bfd9f7eb37b11
imphash af27d1ccae4b19fbc8ccd3f6805f8491
File size 296.5 KB ( 303616 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.6%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe

VirusTotal metadata
First submission 2016-08-10 03:16:01 UTC ( 2 years, 5 months ago )
Last submission 2017-09-22 11:21:16 UTC ( 1 year, 3 months ago )
File names server.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created mutexes
Runtime DLLs
UDP communications