03.exe

Company

The application 03.exe, “NewProduct 1.00 Installation”, has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use, and it consumes computing power. The file has been seen being downloaded from download1469.mediafire.com and multiple other hosts.

Publisher:
Company

Description:
NewProduct 1.00 Installation

Version:
1.00

MD5:
aeb5ebb88dc5f982f1d72373ba2251ba

SHA-1:
5eeea9a025a5866d106e1e76319716b5c3f51772

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
11/23/2024 10:02:00 AM UTC

Scan engine | Detection | Engine version
Dr.Web | Program.RemoteAdmin.752 | 9.0.1.038
Fortinet FortiGate | Riskware/Sim | 2/7/2016
Malwarebytes | Trojan.BitCoinMiner | v2016.02.07.08
Qihoo 360 Security | HEUR/QVM05.1.Malware.Gen | 1.0.0.1015
Trend Micro House Call | Suspicious_GEN.F47V0104 | 7.2.38

File size:
838.5 KB (858,631 bytes)

Copyright:
Company

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\03.exe

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:pAT8QE+kbmWqtHTBsz1jgoEilSA8Lx79c9BInQQnQ:pAI+wpUBszBgpSSAOx7epQQ

Entry address:
0x25468

Entry point:
55, 8B, EC, 83, C4, F0, B8, 88, 53, 42, 00, E8, 24, F2, FD, FF, B8, C8, 54, 42, 00, E8, 2A, 1C, FE, FF, 8B, 15, 40, 88, 42, 00, 89, 02, 8B, 15, 40, 88, 42, 00, 8B, 12, A1, 48, 88, 42, 00, E8, E4, D3, FF, FF, 8B, 15, 40, 88, 42, 00, 8B, 12, A1, DC, 87, 42, 00, E8, 7A, 64, FF, FF, A1, 40, 88, 42, 00, E8, AC, 4E, FE, FF, E8, DF, E0, FD, FF, 00, 00, 00, FF, FF, FF, FF, 01, 00, 00, 00, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.8664

Developed / compiled with:
Microsoft Visual C++

Code size:
145.5 KB (148,992 bytes)

The file 03.exe has been seen being distributed by the following 2 URLs.

http://download1469.mediafire.com/faoef69b88ig/.../03.exe
