» 29442.exe
Overview
Analysis
File Details
Downloads (1)

29442.exe

The application 29442.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. This is a setup program which is used to install the application. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. The file has been seen being downloaded from fr7911jl.bget.ru.

File name:

29442.exe

MD5:

5c1a3895f528198157e950b1465141b3

SHA-1:

559f87527010c8fc15453d4cdcaacadb0068b04b

Scanner detections:

21 / 68

Status:

Potentially unwanted

Explanation:

The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:

11/6/2024 9:45:44 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

RiskTool.BitCoinMiner

7.1.1

avast!

Win32:Malware-gen

2014.9-160118

AVG

BitCoinMiner.B

2017.0.2860

Baidu Antivirus

RiskTool.Win32.BitCoinMiner.11709667.1.silent.hw_07012013

4.0.3.16118

Comodo Security

ApplicUnsaf.Win32.RiskTool.BitCoinMiner.FOQ

17067

Dr.Web

Tool.BtcMine.132

9.0.1.018

ESET NOD32

VBS/CoinMiner.AE

10.8886

Fortinet FortiGate

Riskware/BitCoinMiner

1/18/2016

IKARUS anti.virus

not-a-virus:RiskTool.Win32.BitCoinMiner

t3scan.2.0.127

K7 AntiVirus

Riskware

13.173.9807

Kaspersky

not-a-virus:RiskTool.Win32.BitCoinMiner

14.0.0.796

Malwarebytes

PUP.BitcoinMiner

v2016.01.18.08

McAfee

Artemis!5C1A3895F528

5600.6516

NANO AntiVirus

Riskware.Win32.BtcMine.cgwxtn

0.26.0.55203

Norman

BitCoin.L

11.20160118

Panda Antivirus

Suspicious file

16.01.18.08

Quick Heal

BAT/Lashtorm.B

1.16.12.00

Sophos

Generic PUA FF

4.93

Trend Micro House Call

TROJ_GEN.F0C2C00J213

7.2.18

Trend Micro

TROJ_GEN.F0C2C00J213

10.465.18

VIPRE Antivirus

Trojan.Win32.Generic

22166

File size:

1.2 MB (1,282,117 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Documents and Settings\{user}\Local settings\temp\29442.exe

File PE Metadata

Compilation timestamp:

6/9/2012 10:19:49 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:/2O/GlQeWIH2ZZiWROcbUaTNi7+PcUFy3myxiXdVVAZ8+0CEkJ49f:kL64cQ7+PcMy2a7Z8+0Mo

Entry address:

0xAC87

Entry point:

E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, 9F, 30, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, 8F, AB, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 24, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 24, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 0E, B1, FF, FF, C3, 56, 8B, F1, 8B, 06, 85, C0, 74, 07, 50, FF, 15, C4, 40, 41, 00, 83, 26, 00, 83, 66, 08, 00, 83, 66, 0C, 00, 5E, C3, 56, 8B, F1, 80, 7E, 04, 00, 75, 34, 68, F4, 44, 41, 00... 
[+]

Code size:

73 KB (74,752 bytes)

The file 29442.exe has been seen being distributed by the following URL.

http://fr7911jl.bget.ru/jDK6Q9Uift.exe

Remove 29442.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.