cgminer.exe

Meridian Tech Pte Limited

The application cgminer.exe by Meridian Tech Pte Limited has been detected as a potentially unwanted program by 24 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware forces computers to generate Bitcoins for cybercriminals' use, consuming the machine's computing power.
Publisher:
Meridian Tech Pte Limited  (signed and verified)

MD5:
193c3d81a356e6986652c3d992752aed

SHA-1:
ab53d640df0a22b1e15690df888cb83f98fd01aa

Scanner detections:
24 / 68

Status:
Potentially unwanted

Explanation:
The program mines for Bitcoins in the background using the computer's GPU, and may be installed and run without the user's knowledge.

Analysis date:
11/5/2024 11:25:57 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.BitCoinMiner.FJ | 577 |
| Agnitum Outpost | Trojan.Graftor | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.BitMiner | 2014.08.12 |
| Avira AntiVirus | APPL/Graftor.120316.25 | 7.11.166.114 |
| avast! | Win32:BitCoinMiner-GQ [PUP] | 2014.9-150707 |
| AVG | Skodna.BitCoinMiner | 2016.0.3055 |
| Bitdefender | Application.BitCoinMiner.FJ | 1.0.20.940 |
| Dr.Web | Tool.BtcMine.150 | 9.0.1.0188 |
| ESET NOD32 | Win32/BitCoinMiner.BY (variant) | 9.10237 |
| Fortinet FortiGate | Riskware/BitCoinMiner | 7/7/2015 |
| F-Secure | Application.BitCoinMiner.FJ | 11.2015-07-07_3 |
| G Data | Application.BitCoinMiner.FJ | 15.7.24 |
| IKARUS anti.virus | not-a-virus:RiskTool.Win32.BitCoinMiner | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.183.13014 |
| Kaspersky | not-a-virus:RiskTool.Win32.BitCoinMiner | 14.0.0.1772 |
| Malwarebytes | PUP.Optional.Cgminer | v2015.07.07.01 |
| McAfee | RDN/Generic PUP.x!bvn | 5600.6711 |
| MicroWorld eScan | Application.BitCoinMiner.FJ | 16.0.0.564 |
| NANO AntiVirus | Riskware.Win32.BitCoinMiner.cqzktk | 0.28.2.61349 |
| Panda Antivirus | Trj/OCJ.F | 15.07.07.01 |
| Qihoo 360 Security | Win32/Virus.RiskTool.91f | 1.0.0.1015 |
| Quick Heal | RiskTool.BitCoinMiner.r8 (Not a Virus) | 7.15.14.00 |
| Sophos | Generic PUA KL | 4.98 |
| VIPRE Antivirus | RiskTool.Win32.BitCoinMiner (not malicious) | 32120 |

File size:
980.7 KB (1,004,192 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ziddu\cgminer.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/4/2014 7:00:00 AM

Valid to:
3/1/2015 6:59:59 AM

Subject:
CN=Meridian Tech Pte Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Meridian Tech Pte Limited, L=SINGAPORE, S=SINGAPORE, C=SG

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
56ED302CFAEE156672C8718A1FACD50E

File PE Metadata
Compilation timestamp:
11/5/2013 8:33:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.23

CTPH (ssdeep):
24576:riCA47nUycBUmMEejLaNf3sfp2DSQf/ku7eecc7MIilA8Y:uZ47n1cBUDEejLaNf7DS2MuCxc/imZ

Entry address:
0x1280

Entry point:
83, EC, 1C, C7, 04, 24, 01, 00, 00, 00, FF, 15, BC, F6, 51, 00, E8, 6B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, 83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, BC, F6, 51, 00, E8, 4B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 18, F7, 51, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, EC, F6, 51, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, E0, 4B, 00, E8, BA, 55, 0B, 00, BA, 00, 00, 00, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44...

Entropy:
6.3384

Code size:
743 KB (760,832 bytes)
