» cpuminer-gw64.exe
Overview
Analysis
File Details
Network (1)

cpuminer-gw64.exe

The Group

The application cpuminer-gw64.exe by The Group has been detected as a potentially unwanted program by 2 anti-malware scanners. While running, it connects to the Internet address livingston.shortysmalls.biz on port 3200.

File name:

cpuminer-gw64.exe

Publisher:

The Group (signed and verified)

MD5:

4059067fe0adb2239b4774487802f8c5

SHA-1:

966ac1432afaa705813cac1561789458255e2089

SHA-256:

ae0ea4ea293f27cce617ab13116bcaa6ebfb2ade85e7f7bbe9858fddc6837e1a

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

12/27/2024 6:30:38 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Miner-B [PUP]

2014.9-150627

Reason Heuristics

PUP.BitcoinMiner.TheGroup.Meta (M)

15.6.27.6

File size:

3.5 MB (3,668,760 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\Windows\System32\cpuminer-gw64.exe

Digital Signature

Signed by:

The Group

Authority:

COMODO CA Limited

Valid from:

5/30/2015 5:00:00 PM

Valid to:

5/30/2016 4:59:59 PM

Subject:

CN=The Group, O=The Group, STREET="vul. Gagarina, 5", L=Khmelnytskyy, S=Khmelnytska obl, PostalCode=29000, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

47800CE335CF5196AC9AFB9061AA72E4

File PE Metadata

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows Console

Linker version:

2.24

CTPH (ssdeep):

49152:UIaHrIGiyYJZL3n9OZYuco02BytXZzt172lGvbc8r4MTUFfEEKR:xFGIJZ9OdczHrCUdn

Entry address:

0x14D0

Entry point:

48, 83, EC, 28, C7, 05, 42, A6, 37, 00, 00, 00, 00, 00, E8, BD, 8B, 28, 00, E8, 98, FC, FF, FF, 90, 90, 48, 83, C4, 28, C3, 90, 48, 83, EC, 38, 4C, 89, 4C, 24, 58, 4C, 8D, 4C, 24, 58, 4C, 89, 4C, 24, 28, E8, 68, 97, 28, 00, 48, 83, C4, 38, C3, 0F, 1F, 00, 53, 48, 83, EC, 20, 85, C9, 89, CB, 74, 1D, FF, 15, DF, D5, 37, 00, 48, 8D, 15, D8, 1A, 2A, 00, 48, 8D, 48, 60, E8, BF, 6B, 10, 00, 89, D9, E8, C8, F1, 28, 00, 48, 8D, 0D, 41, 38, 2A, 00, E8, DC, 6B, 10, 00, EB, EB, 66, 2E, 0F, 1F, 84, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.6544

Code size:

2.6 MB (2,689,536 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP:

Connects to livingston.shortysmalls.biz (66.117.6.3:3200)

Remove cpuminer-gw64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.