apts.exe

System

The application apts.exe has been detected as a potentially unwanted program by 31 anti-malware scanners. It is a setup program used to install the application, and it is a malicious Bitcoin miner. Bitcoin-mining malware forces the infected computer to generate Bitcoins for cybercriminals, consuming its computing power in the process. The file has been seen being downloaded from s1.directxex.com.
Publisher:
Microsoft*  (Invalid match)

Product:
System

Version:
1.00

MD5:
2210ddc309814859b67f9db1a033564a

SHA-1:
55822cdb8612c3a833bc93ea7a2b09b59a02d854

SHA-256:
b64a8b6244f523a8fdc91cd826c8cff9d7fe9af34e28bb84c74e336774ef1d60

Scanner detections:
31 / 68

Status:
Potentially unwanted

Explanation:
The program mines for Bitcoins in the background using the computer's GPU, and may be installed and run without the user's knowledge.

Analysis date:
11/30/2024 3:29:33 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Dropped:Application.BitCoinMiner.CO | 786 |
| AegisLab AV Signature | Troj.W32.Gen | 2.1.4+ |
| Agnitum Outpost | Riskware.BitCoinMiner | 7.1.1 |
| AhnLab V3 Security | Spyware/Win32.KeyLogger | 2014.11.07 |
| Avira AntiVirus | TR/Drop.Agent.hzidu.9 | 7.11.183.134 |
| avast! | Win64:PUP-gen [PUP] | 2014.9-141210 |
| AVG | CoinMiner | 2015.0.3264 |
| Baidu Antivirus | Hacktool.Win64.BitCoinMiner | 4.0.3.141210 |
| Bitdefender | Dropped:Application.BitCoinMiner.CO | 1.0.20.1720 |
| Comodo Security | TrojWare.Win32.Ransom.Blocker.DLTK | 20007 |
| Dr.Web | Tool.BtcMine.211 | 9.0.1.0344 |
| ESET NOD32 | Win32/CoinMiner.JG | 8.10682 |
| Fortinet FortiGate | Riskware/Win64_BitCoinMiner | 12/10/2014 |
| F-Secure | Dropped:Application.BitCoinMiner.CO | 11.2014-10-12_4 |
| G Data | Dropped:Application.BitCoinMiner.CO | 14.12.24 |
| IKARUS anti.virus | Application.BitCoinMiner | t3scan.1.8.3.0 |
| K7 AntiVirus | Trojan | 13.185.13930 |
| Kaspersky | not-a-virus:RiskTool.Win64.BitCoinMiner | 14.0.0.2817 |
| Malwarebytes | Trojan.Dropper.BCM | v2014.12.10.02 |
| McAfee | Artemis!2210DDC30981 | 5600.6920 |
| Microsoft Security Essentials | Trojan:Win32/Radyoork.D | 1.11104 |
| MicroWorld eScan | Dropped:Application.BitCoinMiner.CO | 15.0.0.1032 |
| NANO AntiVirus | Riskware.Win64.BtcMine.cyuuqs | 0.28.6.62995 |
| Qihoo 360 Security | Win32/Trojan.880 | 1.0.0.1015 |
| Quick Heal | RiskTool.BitCoinMiner.r3 | 12.14.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.12.11.12 |
| Sophos | Bitcoin Miner | 4.98 |
| Trend Micro House Call | TROJ_DROPPER.GTR | 7.2.344 |
| Trend Micro | TROJ_DROPPER.GTR | 10.465.10 |
| VIPRE Antivirus | FraudTool.Win32.FakeVimes!VB | 34566 |
| Zillya! Antivirus | Trojan.CoinMiner.Win64.12 | 2.0.0.1976 |

File size:
152 KB (155,648 bytes)

Product version:
1.00

Original file name:
pts.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\apts.exe

File PE Metadata
Compilation timestamp:
1/21/2014 3:54:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:sx7a22TanOmltxdAW7uIHeYEtfJ5dNHcu5g:nanOmlt8ZI+YOB5dNy

Entry address:
0x1344

Entry point:
68, D4, 14, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 97, A5, 69, 19, 8D, CE, 12, 46, B9, 1B, 30, E2, 1F, 48, 03, 13, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 44, 69, 6D, 20, 6C, 50, 53, 79, 73, 74, 65, 6D, 00, 73, 00, 00, 00, 00, FF, CC, 31, 00, 01, 11, 6A, 59, 1A, AF, EC, 6C, 4E, 89, 84, 07, 4E, 28, 79, D6, 8E, 07, 4D, 43, 5E, F3, F8, 96, 46, BD, 2B, F9, 25, 73, 24, 76, 8F, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
12 KB (12,288 bytes)

The file apts.exe has been seen being distributed by the following URL.
