awh8aba.tmp

Setup

Open Source

The file awh8aba.tmp has been detected as a potentially unwanted program by 21 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. The file has been seen being downloaded from setup-14b7.kxcdn.com.
Publisher:
Open Source

Product:
Setup

Version:
1.2

MD5:
b8515f43a917188d05d632b822f9b032

SHA-1:
5fe1415c18fcc8c510880aa913dae684ea8f2f0f

Scanner detections:
21 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
12/26/2024 11:14:32 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
TR/BitCoinMiner.4628256
8.3.2.2

avast!
Multi:BitCoinMiner-B [PUP]
2014.9-151114

AVG
Generic
2016.0.2926

Baidu Antivirus
Hacktool.Win32.BitCoinMiner
4.0.3.151114

Clam AntiVirus
Win.Trojan.Bitcoinminer-100
0.98/21511

Dr.Web
Trojan.BtcMine.725
9.0.1.0318

ESET NOD32
Win32/BitCoinMiner.BY potentially unsafe (variant)
9.12482

Fortinet FortiGate
Riskware/BitCoinMiner
11/14/2015

G Data
Archive.Application.Agent.QSCHHO
15.11.25

IKARUS anti.virus
PUA.BitCoinMiner
t3scan.1.9.5.0

K7 AntiVirus
Unwanted-Program
13.212.17685

Kaspersky
not-a-virus:HEUR:RiskTool.Win32.BitCoinMiner
14.0.0.1125

McAfee
Artemis!B8515F43A917
5600.6582

Panda Antivirus
Trj/CI.A
15.11.14.12

Qihoo 360 Security
HEUR/QVM42.1.Malware.Gen
1.0.0.1015

Quick Heal
RiskTool.BitCoinMin.09327
11.15.14.00

Sophos
CpuMiner (PUA)
4.98

Trend Micro
TROJ_GE.F5D16A89
10.465.14

VIPRE Antivirus
RiskTool.Win32.BitCoinMiner (not malicious)
44892

ViRobot
Adware.Bitcoinminer.4288816[h]
2014.3.20.0

File size:
4.1 MB (4,288,816 bytes)

Product version:
1.2

Copyright:
2015 - Open Source

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\awh8aba.tmp

The file awh8aba.tmp has been seen being distributed by the following URL.

Remove awh8aba.tmp - Powered by Reason Core Security