ThreatExpert's awareness of the file "server.exe":

Across all ThreatExpert reports, the file "server.exe" was mostly identified as a threat.

File "server.exe" has the following statistics:

Total number of reports analysed	611,932
Number of cases that involved the file "server.exe"	5,510
Number of incidents when this file was found to be a threat	4,906
Statistical volume of cases when "server.exe" was a threat	89%

Please enable javascript to display the chart.

Notes:

Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
In order to check a file, please submit it to ThreatExpert.
For a comprehensive pro-active protection against threats, please consider ThreatFire - our behavioral antivirus solution.

The file "server.exe" is known to be created under the following filenames:

%AllUsersProfile%\cncdown.exe

%AllUsersProfile%\sofware.exe

%AppData%\%username%.task\chasnah.exe

%AppData%\%username%.task\csrss.exe

%AppData%\%username%.task\lsass.exe

%AppData%\%username%.task\server.exe

%AppData%\%username%.task\smss.exe

%AppData%\1.exe

%AppData%\bifrost\server.exe

%AppData%\blaah.exe

%AppData%\calc.exe

%AppData%\codecsetup.exe

%AppData%\codecsetup3788.exe

%AppData%\codecsetup4127.exe

%AppData%\codecsetup6400.exe

%AppData%\codecsetup8536.exe

%AppData%\cp_setup_assist.exe

%AppData%\cuda.exe

%AppData%\dealassistant\dauninstall.exe

%AppData%\digifast\dfuninstall.exe

%AppData%\frost\server.exe

%AppData%\ftpd.exe

%AppData%\hose.exe

%AppData%\ijango_toolbar_installer.exe

%AppData%\ldr.exe

%AppData%\microsoft\csrss.exe

%AppData%\microsoft\dtsc\t.exe

%AppData%\microsoft\office71\vhchk.exe

%AppData%\microsoft\svchost.exe

%AppData%\microsoft\windows\ernsjyi.exe

%AppData%\microsoft\windows\jjcmdrj.exe

%AppData%\microsoft\windows\nheste.exe

%AppData%\microsoft\windows\nxmwp.exe

%AppData%\microsoft\windows\rwmgh.exe

%AppData%\microsoft\windows\security\user0.exe

%AppData%\microsoft\windows\tbljxjk.exe

%AppData%\microsoft\windows\vohth.exe

%AppData%\microsoft\windows\vvpmyvaw.exe

%AppData%\microsoft\winlog.exe

%AppData%\microsoft\winlogg.exe

%AppData%\microsoft\winlogon.exe

%AppData%\mxplay\temp\mxplay_installer.exe

%AppData%\ntcom.dll

%AppData%\nthead.dll

%AppData%\pak-5593.exe

%AppData%\pak-5594.exe

%AppData%\pak-5595.exe

%AppData%\pak-5596.exe

%AppData%\pak-5597.exe

%AppData%\pak-5598.exe

%AppData%\pak-5599.exe

%AppData%\pak-5600.exe

%AppData%\pak-5601.exe

%AppData%\pak-5602.exe

%AppData%\pak-5603.exe

%AppData%\salehoo\auctionalert\_tmp\aa.exe

%AppData%\salehoo\salehooalert\_tmp\aa.exe

%AppData%\scvhost.exe

%AppData%\server.exe

%AppData%\silverlight\silverlight.exe

%AppData%\skynet\muonline\_cw0srv.exe

%AppData%\skynet\muonline\234672.exe

%AppData%\skynet\muonline\239874.exe

%AppData%\skynet\muonline\293874.exe

%AppData%\skynet\muonline\345674.exe

%AppData%\skynet\muonline\345676.exe

%AppData%\skynet\muonline\435627.exe

%AppData%\skynet\muonline\543978.exe

%AppData%\skynet\muonline\546783.exe

%AppData%\speedrunner\sruninstall.exe

%AppData%\svchost.exe

%AppData%\system of pc\server.exe

%AppData%\system\win.exe

%AppData%\system32\server.exe

%AppData%\temp.dll

%AppData%\temp\eixplorer.exe

%AppData%\truesword4.exe

%AppData%\update.exe

%AppData%\wefisetup.exe

%AppData%\win.exe

%AppData%\winbutler\winbuninstaller.exe

%AppData%\winbutler\winbutler.exe

%AppData%\windows defendr\server.exe

%AppData%\windows update\winupdate.exe

%AppData%\windows.exe

%AppData%\windows\csrss.exe

%AppData%\windows\lsass.exe

%AppData%\windows\services.exe

%AppData%\windows\smss.exe

%AppData%\windows\winlogon.exe

%AppData%\wintouch\wintouch.exe

%AppData%\wintouch\wtuninstaller.exe

%AppData%\wrar380d.exe

%AppData%\yeah\yeah374809.exe

%CommonAppData%\38001914.exe

%CommonAppData%\3810eef8.exe

%CommonAppData%\381751d0.exe

%CommonAppData%\388f0900.exe

%CommonAppData%\38d3ff69.exe

%CommonAppData%\3gp.exe

Notes:

%AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.

The file "server.exe" has the following possible countries of origin:

Origin		Number of Incidents
	Sweden	464
	Germany	205
	Spain	181
	Portugal	155
	China	30
	United Kingdom	16
	Brazil	5
	Switzerland	4
	Turkey	4
	France	3
	Netherlands	2
	Taiwan	2
	Egypt	1
	Israel	1
	Poland	1
	Russian Federation	1
	Thailand	1

The following threats are known to be associated with the file "server.exe":

Threat Alias	Number of Incidents
Backdoor.Trojan [Symantec]	1,382
Backdoor:Win32/Bifrose.AE [Microsoft]	1,079
Backdoor.Bifrose [Symantec]	920
Trojan Horse [Symantec]	902
BackDoor-CEP.svr [McAfee]	768
Win32/IRCBot.worm.variant [AhnLab]	600
BackDoor-CEP.gen.g [McAfee]	598
Backdoor.Win32.Bifrose [Ikarus]	575
BackDoor-DVR [McAfee]	566
Infostealer [Symantec]	512
Backdoor.Win32.IRCBot [Ikarus]	511
Backdoor.Win32.IRCBot.jvw [Kaspersky Lab]	501
Backdoor:Win32/Bifrose.ACI [Microsoft]	497
Win-Trojan/Midgare.32256 [AhnLab]	474
VirTool:Win32/CeeInject.gen!R [Microsoft]	454
Mal/Inject-M [Sophos]	444
Virus.Win32.Bifrose [Ikarus]	406
Trojan.Win32.Agent.bcn [Kaspersky Lab]	401
Trojan:Win32/Midgare.A [Microsoft]	387
Backdoor.Win32.Bifrose.fpb [Kaspersky Lab]	379
Backdoor.IRCBot!sd6 [PC Tools]	371
Trojan.Midgare.hhn [PC Tools]	370
BKDR_AHZE.NY [Trend Micro]	342
Win-Trojan/Bifrose.29053 [AhnLab]	336
Trojan.Dropper [Symantec]	328
BKDR_AHZE.SMM [Trend Micro]	322
Mal/Generic-A [Sophos]	308
BackDoor-CEP [McAfee]	294
BKDR_BIFROSE.AFU [Trend Micro]	286
VirTool:Win32/Injector.gen!AG [Microsoft]	265
Backdoor.Bifrose [PC Tools]	262
VirTool.Win32.Injector [Ikarus]	241
Virus.Trojan.Win32.Midgare [Ikarus]	225
Mal/EncPk-FL [Sophos]	221
BackDoor-CEP.gen.a [McAfee]	219
VirTool:Win32/Injector.gen!R [Microsoft]	218
Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH [Sophos]	211
Backdoor.Trojan [PC Tools]	206
BackDoor-CEP.gen.av [McAfee]	204
Trojan-PSW.Generic [PC Tools]	183
Mal/EncPk-FH [Sophos]	181
Win-Trojan/Xema.variant [AhnLab]	175
Trojan.Agent.CZZK [PC Tools]	171
Backdoor:Win32/Agent.CQ [Microsoft]	164
Backdoor.Win32.Bifrose.fsi [Kaspersky Lab]	163
Troj/Agent-JZZ [Sophos]	162
BKDR_BIFROSE.MIC [Trend Micro]	161
VirTool:Win32/CeeInject.gen!J [Microsoft]	156
VirTool.Win32.CeeInject [Ikarus]	155
Backdoor.Bifrose!sd6 [PC Tools]	153
Trojan.Win32.Midgare [Ikarus]	150
Suspicious.MH690 [Symantec]	145
Trojan.Generic [PC Tools]	138
Backdoor:Win32/Bifrose.EY [Microsoft]	119
Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH, Mal/Bifrose-Z [Sophos]	116
Suspicious.Bifrose [Symantec]	109
Mal/Bifrose-R, Mal/Bifrose-G, Mal/Bifrose-D, Mal/Bifrose-A, Mal/Bifrose-E [Sophos]	108
Mal/Bckdr-C, Mal/Inject-M [Sophos]	104
Downloader [Symantec]	102
Trojan.Midgare!sd6 [PC Tools]	102
Backdoor.Win32.Bifrose.aci [Kaspersky Lab]	99
BackDoor-CEP.gen.am [McAfee]	95
Mal/Bifrose-G, Mal/Bifrose-D, Mal/Bifrose-A, Mal/Bifrose-E [Sophos]	94
VirTool:Win32/DelfInject.gen!AA [Microsoft]	94
Backdoor.IRC.Bot [Symantec]	91
BKDR_AGENT.XQB [Trend Micro]	89
VirTool:Win32/DelfInject.gen!N [Microsoft]	89
Mal/Generic-E, Mal/EncPk-FH [Sophos]	88
VirTool.Win32.VBInject [Ikarus]	86
BKDR_BIFROSE.AQR [Trend Micro]	84
Troj/Agent-HTK [Sophos]	84
Win-Trojan/Injector.40829 [AhnLab]	82
Generic.dx [McAfee]	81
Troj/LdPinch-RT [Sophos]	80
Troj/Refroso-D [Sophos]	80
Trojan.Win32.Midgare.fcz [Kaspersky Lab]	80
Backdoor.Win32.IRCBot.irl [Kaspersky Lab]	78
Backdoor:Win32/Bifrose [Microsoft]	78
VirTool:Win32/Injector.gen!W [Microsoft]	78
BKDR_BIFROSE.FG [Trend Micro]	76
Mal/Bifrose-Z, Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH [Sophos]	75
MultiDropper-RY [McAfee]	75
VirTool.Win32.DelfInject [Ikarus]	75
Troj/Bifrose-XG [Sophos]	73
Troj/Bifrose-WC [Sophos]	72
Trojan.Win32.Midgare.hhn [Kaspersky Lab]	72
Backdoor.Win32.Bifrose.aosq [Kaspersky Lab]	70
Backdoor-CEP.gen.q [McAfee]	70
Backdoor.Bifrose.AHY [PC Tools]	69
TROJ_BUZUS.TCC [Trend Micro]	68
Virus.Win32.Injector [Ikarus]	68
VirTool:Win32/VBInject.gen!AN [Microsoft]	66
Win-Trojan/Agent.39936.AP [AhnLab]	66
Backdoor.Bifrose.EZC [PC Tools]	65
VirTool:Win32/DelfInject.gen!L [Microsoft]	65
Virus:Win32/Sality.AM [Microsoft]	65
Virus.Win32.Buzus [Ikarus]	64
Backdoor.Win32.Bifrose.fms [Kaspersky Lab]	63
VirTool:Win32/VBInject.gen!U [Microsoft]	62
Backdoor:Win32/Agent [Microsoft]	61