cdn.exe

CPU Miner - Setup

LLC

The application cdn.exe by LLC has been detected as adware by 7 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from 516516745.r.cdn77.net.
Publisher:
Open Source  (signed by LLC )

Product:
CPU Miner - Setup

Version:
1.1

MD5:
c62621e16ad5e19161593c733b47cf06

SHA-1:
ff81fde9428bb63ec0c4d38c1a273e783070032a

SHA-256:
9b858e276a585123ae4776ea16bc0668b6eb1cc831e83c1b822706e90ea1aff0

Scanner detections:
7 / 68

Status:
Adware

Explanation:
The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
11/5/2024 12:48:33 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Multi:BitCoinMiner-B [PUP]
2014.9-150524

Baidu Antivirus
Hacktool.Win32.BitCoinMiner
4.0.3.15524

ESET NOD32
Win32/BitCoinMiner.BY potentially unsafe (variant)
9.11597

K7 AntiVirus
Unwanted-Program
13.203.15849

Reason Heuristics
PUP.Amonitize.Installer
15.5.24.21

Trend Micro House Call
Suspici.CF2FA188
7.2.144

VIPRE Antivirus
Trojan.Win32.Generic
40062

File size:
3.4 MB (3,563,576 bytes)

Product version:
1.1

Copyright:
2015 - Open Source

Original file name:
cpuminer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\cdn.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/6/2015 9:00:00 PM

Valid to:
5/6/2016 8:59:59 PM

Subject:
CN="LLC ""YOPTA SOFT""", O="LLC ""YOPTA SOFT""", STREET="str.Tsytadelna, 7", L=Kiev, S=Kiev, PostalCode=01015, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1CAFDF1C4C426FC3DD811D48793D99C9

File PE Metadata
Compilation timestamp:
10/7/2014 1:40:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:7v587fxAHWmK6CwsH4g57etOQCXIT4Pdu3:75eETCJdEoIkPY3

Entry address:
0x354B0

Entry point:
60, BE, 00, 10, 43, 00, 8D, BE, 00, 00, FD, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
20 KB (20,480 bytes)

The file cdn.exe has been seen being distributed by the following URL.

Remove cdn.exe - Powered by Reason Core Security