cpuminer-gw64.exe

LLC

The application cpuminer-gw64.exe by LLC has been detected as a potentially unwanted program by 1 of 68 anti-malware scanners, with very strong indications that the file is a potential threat. It is set to execute automatically whenever a user logs into Windows (through the local user Run registry setting), under the name 'cpuminer'.
Publisher:
LLC (signed and verified)

MD5:
5fa3a029075404d3d8e79ee959d82908

SHA-1:
689ea6bf4d1e4a2cf717f7c0559a47497c8f0ee6

SHA-256:
7dc3ab20647ab341f266f51fe822efed354a7f30eb7ed41838135ad28258cbf6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 3:00:03 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.BitcoinMiner.Meta (M)

Engine version:
15.8.3.8

File size:
4.1 MB (4,262,408 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Windows\System32\cpuminer-gw64.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/6/2015 5:30:00 AM

Valid to:
5/6/2016 5:29:59 AM

Subject:
CN="LLC ""LAYN-PROEKT""", O="LLC ""LAYN-PROEKT""", STREET="Vulitsya Bogdana Khmel''nits''kogo , Budinok 106", L=Lviv, S=Lvivska, PostalCode=79019, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E17C1DB2CCC44BCBE684F843F1CF4F3C

File PE Metadata
OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
2.24

CTPH (ssdeep):
49152:NV7aWerdWwy7bpmLY4BP53yF7GBgZyIXq2r6/ebLTc8rm2TWSfEKAKc0iHSckSDD:nGWxpBo5a7mr12DyKfc0iHSckSD26DEy

Entry address:
0x14D0

Entry point:
48, 83, EC, 28, C7, 05, 82, D3, 37, 00, 00, 00, 00, 00, E8, FD, BF, 28, 00, E8, 98, FC, FF, FF, 90, 90, 48, 83, C4, 28, C3, 90, 48, 83, EC, 38, 4C, 89, 4C, 24, 58, 4C, 8D, 4C, 24, 58, 4C, 89, 4C, 24, 28, E8, A8, CB, 28, 00, 48, 83, C4, 38, C3, 0F, 1F, 00, 53, 48, 83, EC, 20, 85, C9, 89, CB, 74, 1D, FF, 15, DF, 05, 38, 00, 48, 8D, 15, D8, 4A, 2A, 00, 48, 8D, 48, 60, E8, FF, 9F, 10, 00, 89, D9, E8, 08, 26, 29, 00, 48, 8D, 0D, 81, 67, 2A, 00, E8, 1C, A0, 10, 00, EB, EB, 66, 2E, 0F, 1F, 84, 00, 00, 00, 00, 00...

Entropy:
6.4933

Code size:
2.6 MB (2,702,848 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
cpuminer

Command:
C:\Windows\System32\cpuminer-gw64.exe

Powered by Reason Core Security