File Search: 

ThreatExpert's awareness of the file "server.exe":

Across all ThreatExpert reports, the file "server.exe" was mostly identified as a threat.
File "server.exe" has the following statistics:
Total number of reports analysed611,932
Number of cases that involved the file "server.exe"5,510
Number of incidents when this file was found to be a threat4,906
Statistical volume of cases when "server.exe" was a threat89%
Please enable javascript to display the chart.
Notes:
  • Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
  • In order to check a file, please submit it to ThreatExpert.
  • For a comprehensive pro-active protection against threats, please consider ThreatFire - our behavioral antivirus solution.
The file "server.exe" is known to be created under the following filenames:
%AllUsersProfile%\cncdown.exe
%AllUsersProfile%\sofware.exe
%AppData%\%username%.task\chasnah.exe
%AppData%\%username%.task\csrss.exe
%AppData%\%username%.task\lsass.exe
%AppData%\%username%.task\server.exe
%AppData%\%username%.task\smss.exe
%AppData%\1.exe
%AppData%\bifrost\server.exe
%AppData%\blaah.exe
%AppData%\calc.exe
%AppData%\codecsetup.exe
%AppData%\codecsetup3788.exe
%AppData%\codecsetup4127.exe
%AppData%\codecsetup6400.exe
%AppData%\codecsetup8536.exe
%AppData%\cp_setup_assist.exe
%AppData%\cuda.exe
%AppData%\dealassistant\dauninstall.exe
%AppData%\digifast\dfuninstall.exe
%AppData%\frost\server.exe
%AppData%\ftpd.exe
%AppData%\hose.exe
%AppData%\ijango_toolbar_installer.exe
%AppData%\ldr.exe
%AppData%\microsoft\csrss.exe
%AppData%\microsoft\dtsc\t.exe
%AppData%\microsoft\office71\vhchk.exe
%AppData%\microsoft\svchost.exe
%AppData%\microsoft\windows\ernsjyi.exe
%AppData%\microsoft\windows\jjcmdrj.exe
%AppData%\microsoft\windows\nheste.exe
%AppData%\microsoft\windows\nxmwp.exe
%AppData%\microsoft\windows\rwmgh.exe
%AppData%\microsoft\windows\security\user0.exe
%AppData%\microsoft\windows\tbljxjk.exe
%AppData%\microsoft\windows\vohth.exe
%AppData%\microsoft\windows\vvpmyvaw.exe
%AppData%\microsoft\winlog.exe
%AppData%\microsoft\winlogg.exe
%AppData%\microsoft\winlogon.exe
%AppData%\mxplay\temp\mxplay_installer.exe
%AppData%\ntcom.dll
%AppData%\nthead.dll
%AppData%\pak-5593.exe
%AppData%\pak-5594.exe
%AppData%\pak-5595.exe
%AppData%\pak-5596.exe
%AppData%\pak-5597.exe
%AppData%\pak-5598.exe
%AppData%\pak-5599.exe
%AppData%\pak-5600.exe
%AppData%\pak-5601.exe
%AppData%\pak-5602.exe
%AppData%\pak-5603.exe
%AppData%\salehoo\auctionalert\_tmp\aa.exe
%AppData%\salehoo\salehooalert\_tmp\aa.exe
%AppData%\scvhost.exe
%AppData%\server.exe
%AppData%\silverlight\silverlight.exe
%AppData%\skynet\muonline\_cw0srv.exe
%AppData%\skynet\muonline\234672.exe
%AppData%\skynet\muonline\239874.exe
%AppData%\skynet\muonline\293874.exe
%AppData%\skynet\muonline\345674.exe
%AppData%\skynet\muonline\345676.exe
%AppData%\skynet\muonline\435627.exe
%AppData%\skynet\muonline\543978.exe
%AppData%\skynet\muonline\546783.exe
%AppData%\speedrunner\sruninstall.exe
%AppData%\svchost.exe
%AppData%\system of pc\server.exe
%AppData%\system\win.exe
%AppData%\system32\server.exe
%AppData%\temp.dll
%AppData%\temp\eixplorer.exe
%AppData%\truesword4.exe
%AppData%\update.exe
%AppData%\wefisetup.exe
%AppData%\win.exe
%AppData%\winbutler\winbuninstaller.exe
%AppData%\winbutler\winbutler.exe
%AppData%\windows defendr\server.exe
%AppData%\windows update\winupdate.exe
%AppData%\windows.exe
%AppData%\windows\csrss.exe
%AppData%\windows\lsass.exe
%AppData%\windows\services.exe
%AppData%\windows\smss.exe
%AppData%\windows\winlogon.exe
%AppData%\wintouch\wintouch.exe
%AppData%\wintouch\wtuninstaller.exe
%AppData%\wrar380d.exe
%AppData%\yeah\yeah374809.exe
%CommonAppData%\38001914.exe
%CommonAppData%\3810eef8.exe
%CommonAppData%\381751d0.exe
%CommonAppData%\388f0900.exe
%CommonAppData%\38d3ff69.exe
%CommonAppData%\3gp.exe
Notes:
  • %AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.

The file "server.exe" has the following possible countries of origin:
OriginNumber of Incidents
Sweden464
Germany205
Spain181
Portugal155
China30
United Kingdom16
Brazil5
Switzerland4
Turkey4
France3
Netherlands2
Taiwan2
Egypt1
Israel1
Poland1
Russian Federation1
Thailand1

The following threats are known to be associated with the file "server.exe":
Threat AliasNumber of Incidents
Backdoor.Trojan [Symantec]1,382
Backdoor:Win32/Bifrose.AE [Microsoft]1,079
Backdoor.Bifrose [Symantec]920
Trojan Horse [Symantec]902
BackDoor-CEP.svr [McAfee]768
Win32/IRCBot.worm.variant [AhnLab]600
BackDoor-CEP.gen.g [McAfee]598
Backdoor.Win32.Bifrose [Ikarus]575
BackDoor-DVR [McAfee]566
Infostealer [Symantec]512
Backdoor.Win32.IRCBot [Ikarus]511
Backdoor.Win32.IRCBot.jvw [Kaspersky Lab]501
Backdoor:Win32/Bifrose.ACI [Microsoft]497
Win-Trojan/Midgare.32256 [AhnLab]474
VirTool:Win32/CeeInject.gen!R [Microsoft]454
Mal/Inject-M [Sophos]444
Virus.Win32.Bifrose [Ikarus]406
Trojan.Win32.Agent.bcn [Kaspersky Lab]401
Trojan:Win32/Midgare.A [Microsoft]387
Backdoor.Win32.Bifrose.fpb [Kaspersky Lab]379
Backdoor.IRCBot!sd6 [PC Tools]371
Trojan.Midgare.hhn [PC Tools]370
BKDR_AHZE.NY [Trend Micro]342
Win-Trojan/Bifrose.29053 [AhnLab]336
Trojan.Dropper [Symantec]328
BKDR_AHZE.SMM [Trend Micro]322
Mal/Generic-A [Sophos]308
BackDoor-CEP [McAfee]294
BKDR_BIFROSE.AFU [Trend Micro]286
VirTool:Win32/Injector.gen!AG [Microsoft]265
Backdoor.Bifrose [PC Tools]262
VirTool.Win32.Injector [Ikarus]241
Virus.Trojan.Win32.Midgare [Ikarus]225
Mal/EncPk-FL [Sophos]221
BackDoor-CEP.gen.a [McAfee]219
VirTool:Win32/Injector.gen!R [Microsoft]218
Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH [Sophos]211
Backdoor.Trojan [PC Tools]206
BackDoor-CEP.gen.av [McAfee]204
Trojan-PSW.Generic [PC Tools]183
Mal/EncPk-FH [Sophos]181
Win-Trojan/Xema.variant [AhnLab]175
Trojan.Agent.CZZK [PC Tools]171
Backdoor:Win32/Agent.CQ [Microsoft]164
Backdoor.Win32.Bifrose.fsi [Kaspersky Lab]163
Troj/Agent-JZZ [Sophos]162
BKDR_BIFROSE.MIC [Trend Micro]161
VirTool:Win32/CeeInject.gen!J [Microsoft]156
VirTool.Win32.CeeInject [Ikarus]155
Backdoor.Bifrose!sd6 [PC Tools]153
Trojan.Win32.Midgare [Ikarus]150
Suspicious.MH690 [Symantec]145
Trojan.Generic [PC Tools]138
Backdoor:Win32/Bifrose.EY [Microsoft]119
Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH, Mal/Bifrose-Z [Sophos]116
Suspicious.Bifrose [Symantec]109
Mal/Bifrose-R, Mal/Bifrose-G, Mal/Bifrose-D, Mal/Bifrose-A, Mal/Bifrose-E [Sophos]108
Mal/Bckdr-C, Mal/Inject-M [Sophos]104
Downloader [Symantec]102
Trojan.Midgare!sd6 [PC Tools]102
Backdoor.Win32.Bifrose.aci [Kaspersky Lab]99
BackDoor-CEP.gen.am [McAfee]95
Mal/Bifrose-G, Mal/Bifrose-D, Mal/Bifrose-A, Mal/Bifrose-E [Sophos]94
VirTool:Win32/DelfInject.gen!AA [Microsoft]94
Backdoor.IRC.Bot [Symantec]91
BKDR_AGENT.XQB [Trend Micro]89
VirTool:Win32/DelfInject.gen!N [Microsoft]89
Mal/Generic-E, Mal/EncPk-FH [Sophos]88
VirTool.Win32.VBInject [Ikarus]86
BKDR_BIFROSE.AQR [Trend Micro]84
Troj/Agent-HTK [Sophos]84
Win-Trojan/Injector.40829 [AhnLab]82
Generic.dx [McAfee]81
Troj/LdPinch-RT [Sophos]80
Troj/Refroso-D [Sophos]80
Trojan.Win32.Midgare.fcz [Kaspersky Lab]80
Backdoor.Win32.IRCBot.irl [Kaspersky Lab]78
Backdoor:Win32/Bifrose [Microsoft]78
VirTool:Win32/Injector.gen!W [Microsoft]78
BKDR_BIFROSE.FG [Trend Micro]76
Mal/Bifrose-Z, Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH [Sophos]75
MultiDropper-RY [McAfee]75
VirTool.Win32.DelfInject [Ikarus]75
Troj/Bifrose-XG [Sophos]73
Troj/Bifrose-WC [Sophos]72
Trojan.Win32.Midgare.hhn [Kaspersky Lab]72
Backdoor.Win32.Bifrose.aosq [Kaspersky Lab]70
Backdoor-CEP.gen.q [McAfee]70
Backdoor.Bifrose.AHY [PC Tools]69
TROJ_BUZUS.TCC [Trend Micro]68
Virus.Win32.Injector [Ikarus]68
VirTool:Win32/VBInject.gen!AN [Microsoft]66
Win-Trojan/Agent.39936.AP [AhnLab]66
Backdoor.Bifrose.EZC [PC Tools]65
VirTool:Win32/DelfInject.gen!L [Microsoft]65
Virus:Win32/Sality.AM [Microsoft]65
Virus.Win32.Buzus [Ikarus]64
Backdoor.Win32.Bifrose.fms [Kaspersky Lab]63
VirTool:Win32/VBInject.gen!U [Microsoft]62
Backdoor:Win32/Agent [Microsoft]61