cdn.exe

CPU Miner - Setup

LLC

The application cdn.exe by LLC has been detected as adware by 15 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It is a malicious Bitcoin miner: Bitcoin-mining malware forces the infected computer to generate Bitcoins for the cybercriminals' benefit and consumes its computing power. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from cdn-14b7.kxcdn.com.
Publisher:
Open Source (signed by LLC)

Product:
CPU Miner - Setup

Version:
1.1

MD5:
7f0823fecb91a7d3498e436deda3baab

SHA-1:
488816311cddeb8658b5f9093c60a225b2b960ab

SHA-256:
171f6056f0962c514e48fe8ade04aa8af92cb35e1f1c489cfd2b8d6506f33912

Scanner detections:
15 / 68

Status:
Adware

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
12/27/2024 5:53:21 PM UTC

Scan engine             Detection                                           Engine version
Lavasoft Ad-Aware       Gen:Variant.Strictor.87902                          559
Arcabit                 Trojan.Strictor.D1575E                              1.0.0.425
avast!                  Multi:BitCoinMiner-B [PUP]                          2014.9-150725
Baidu Antivirus         Hacktool.Win32.BitCoinMiner                         4.0.3.15725
Bitdefender             Gen:Variant.Strictor.87902                          1.0.20.1030
Dr.Web                  Trojan.BtcMine.711                                  9.0.1.0206
Emsisoft Anti-Malware   Gen:Variant.Strictor.87902                          8.15.07.25.07
ESET NOD32              Win64/BitCoinMiner.AT potentially unsafe (variant)  9.11961
F-Secure                Gen:Variant.Strictor.87902                          11.2015-25-07_7
G Data                  Gen:Variant.Strictor.87902                          15.7.25
McAfee                  Artemis!B3A3CC8213A0                                5600.6693
MicroWorld eScan        Gen:Variant.Strictor.87902                          16.0.0.618
NANO AntiVirus          Riskware.Nsis.BitCoinMiner.dqgttf                   0.30.24.2487
Panda Antivirus         Trj/CI.A                                            15.07.25.07
Reason Heuristics       PUP.Amonitize.OpenSource.Installer (M)              15.7.25.19

File size:
4.5 MB (4,716,280 bytes)

Product version:
1.1

Copyright:
2015 - Open Source

Original file name:
cpuminer.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\cdn.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/27/2015 1:00:00 AM

Valid to:
6/27/2016 12:59:59 AM

Subject:
CN="LLC ""SOFT-GLOBAL""", O="LLC ""SOFT-GLOBAL""", STREET="str. Zhelyabova, 8/4", L=Kiev, S=Kiev, PostalCode=03680, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B36870BF55993A07D317A20F776B7615

File PE Metadata
Compilation timestamp:
10/7/2014 5:40:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:BdmZtHZHeQ/1pohAL1yeENRgZoWxLu5zBJFKX8MNF+N:PmTZ+WCiR0NOoOLuHJFKXhcN

Entry address:
0x321A

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 09, A3, F8, 1F, 7A, 00, E8, C0, 2D, 00, 00, A3, 44, 1F, 7A, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, F8, D4, 79, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, 40, 17, 7A, 00, E8, 6A, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 80, 7A, 00, 50, 55, E8, 58, 2A...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file cdn.exe has been seen being distributed by the following URL.

Remove cdn.exe - Powered by Reason Core Security