03.exe

Company

The application 03.exe, “NewProduct 1.00 Installation ” has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. The file has been seen being downloaded from download1469.mediafire.com and multiple other hosts.
Publisher:
Company

Description:
NewProduct 1.00 Installation

Version:
1.00

MD5:
aeb5ebb88dc5f982f1d72373ba2251ba

SHA-1:
5eeea9a025a5866d106e1e76319716b5c3f51772

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
12/26/2024 7:49:07 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Program.RemoteAdmin.752
9.0.1.038

Fortinet FortiGate
Riskware/Sim
2/7/2016

Malwarebytes
Trojan.BitCoinMiner
v2016.02.07.08

Qihoo 360 Security
HEUR/QVM05.1.Malware.Gen
1.0.0.1015

Trend Micro House Call
Suspicious_GEN.F47V0104
7.2.38

File size:
838.5 KB (858,631 bytes)

Copyright:
Company

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\03.exe

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:pAT8QE+kbmWqtHTBsz1jgoEilSA8Lx79c9BInQQnQ:pAI+wpUBszBgpSSAOx7epQQ

Entry address:
0x25468

Entry point:
55, 8B, EC, 83, C4, F0, B8, 88, 53, 42, 00, E8, 24, F2, FD, FF, B8, C8, 54, 42, 00, E8, 2A, 1C, FE, FF, 8B, 15, 40, 88, 42, 00, 89, 02, 8B, 15, 40, 88, 42, 00, 8B, 12, A1, 48, 88, 42, 00, E8, E4, D3, FF, FF, 8B, 15, 40, 88, 42, 00, 8B, 12, A1, DC, 87, 42, 00, E8, 7A, 64, FF, FF, A1, 40, 88, 42, 00, E8, AC, 4E, FE, FF, E8, DF, E0, FD, FF, 00, 00, 00, FF, FF, FF, FF, 01, 00, 00, 00, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.8664

Developed / compiled with:
Microsoft Visual C++

Code size:
145.5 KB (148,992 bytes)

The file 03.exe has been seen being distributed by the following 2 URLs.

http://download1469.mediafire.com/faoef69b88ig/.../03.exe

Remove 03.exe - Powered by Reason Core Security