cpuminer-gw64.exe

SOFT Sistems, TOV

The application cpuminer-gw64.exe, published by SOFT Sistems, TOV, has been detected as a potentially unwanted program by 2 of 68 anti-malware scanners. It is set to execute automatically when any user logs into Windows, through the all-users Run key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) under the value name 'cpuminer'. While running, it connects to livingston.shortysmalls.biz (66.117.6.3) on TCP port 3202. The binary carries a valid COMODO-issued code signature; that establishes who signed it, not that the installation was wanted. What makes this sample unwanted is the combination of a CPU miner dropped into C:\Windows\System32, started for every user at logon, and consuming CPU for a remote mining address.
Publisher:
SOFT Sistems, TOV  (signed and verified)

MD5:
6e17d54b7bea4b077e2a23e3f777dc34

SHA-1:
cec23d57a24d780042dae713ffa5261e6f5a4adf

SHA-256:
7ac54a182cefa0000f0a2597ffb211fbca289a366327f7a4c5c3be936c929a5d

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 4:07:28 PM UTC

Scan engine        Detection                               Engine version
avast!             Win32:Miner-B [PUP]                     2014.9-150603
Reason Heuristics  PUP.BitcoinMiner.SOFTSistemsTOV.Meta    15.6.3.11

File size:
3.9 MB (4,084,016 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Windows\System32\cpuminer-gw64.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/25/2015 5:00:00 PM

Valid to:
5/25/2016 4:59:59 PM

Subject:
CN="SOFT Sistems, TOV", O="SOFT Sistems, TOV", STREET="Bud. 24/15, vul.Spaska", S=Kyyiv, PostalCode=04070, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5CBD1C710A9546DFAF9D81941A6403B8

File PE Metadata
Compilation timestamp:
10/15/1971 9:51:20 AM  (not a genuine build time: it predates the PE format and the 2015 signing certificate, so the header field has been zeroed or altered)

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
2.24

CTPH (ssdeep):
98304:L76B0BFSG/bo2FNXh1Lp0qxAUSckSl918UO:K21hYMAP

Entry address:
0x14D0

Entry point:
48, 83, EC, 28, C7, 05, 02, 67, 35, 00, 00, 00, 00, 00, E8, 6D, CB, 26, 00, E8, 98, FC, FF, FF, 90, 90, 48, 83, C4, 28, C3, 90, 48, 83, EC, 38, 4C, 89, 4C, 24, 58, 4C, 8D, 4C, 24, 58, 4C, 89, 4C, 24, 28, E8, 18, D7, 26, 00, 48, 83, C4, 38, C3, 0F, 1F, 00, 53, 48, 83, EC, 20, 85, C9, 89, CB, 74, 1D, FF, 15, C7, 95, 35, 00, 48, 8D, 15, D8, 5A, 28, 00, 48, 8D, 48, 60, E8, BF, 16, 10, 00, 89, D9, E8, 78, 31, 27, 00, 48, 8D, 0D, 81, 76, 28, 00, E8, DC, 16, 10, 00, EB, EB, 66, 2E, 0F, 1F, 84, 00, 00, 00, 00, 00...

Entropy:
6.4976

Code size:
2.5 MB (2,574,848 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
cpuminer

Command:
C:\Windows\System32\cpuminer-gw64.exe


The executing file has been seen to make the following network communication in live environments.

TCP:
Connects to livingston.shortysmalls.biz  (66.117.6.3:3202)
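The listing above is a set of host indicators: a Run-key value, a file path with known hashes, a signer, and a remote address. The script below is an added triage example written for this page; it is not code from the original page or from the file's publisher. It uses only standard Windows cmdlets (Get-ItemProperty, Get-FileHash, Get-AuthenticodeSignature, Get-Process, Get-NetTCPConnection, Resolve-DnsName; the last two need Windows 8 / Server 2012 or later). The path, value name, hashes, host name, IP and port are taken from this page; the variable names, the extra Run keys checked (per-user and WOW6432Node, in case a variant was installed there) and the output format are this example's own assumptions.

```powershell
# Added host-triage script for the indicators listed on this page (example code,
# not from the page or the publisher). Run from an elevated PowerShell prompt.
# Indicator values below come from the page; the surrounding logic is the example's own.

$Indicators = @{
    Path       = 'C:\Windows\System32\cpuminer-gw64.exe'
    RunName    = 'cpuminer'
    Sha256     = '7ac54a182cefa0000f0a2597ffb211fbca289a366327f7a4c5c3be936c929a5d'
    Md5        = '6e17d54b7bea4b077e2a23e3f777dc34'
    RemoteHost = 'livingston.shortysmalls.biz'
    RemoteIp   = '66.117.6.3'
    RemotePort = 3202
}

$findings = @()

# 1. Persistence. The page records the all-users Run key (HKLM); the per-user key and
#    the 32-bit redirected key are an assumption added so a relocated variant is not missed.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -eq $Indicators.RunName -or "$($p.Value)" -like '*cpuminer*') {
            $findings += "Run value '$($p.Name)' = $($p.Value) in $key"
        }
    }
}

# 2. File on disk. Compare both listed hashes and record the Authenticode result.
#    A Valid status is not exonerating: the sample on this page is signed and still a miner.
if (Test-Path -LiteralPath $Indicators.Path) {
    $sha = (Get-FileHash -LiteralPath $Indicators.Path -Algorithm SHA256).Hash.ToLower()
    $md5 = (Get-FileHash -LiteralPath $Indicators.Path -Algorithm MD5).Hash.ToLower()
    if ($sha -eq $Indicators.Sha256 -or $md5 -eq $Indicators.Md5) {
        $findings += "File $($Indicators.Path) matches the listed hash (SHA-256 $sha)"
    } else {
        $findings += "File $($Indicators.Path) is present but its hash differs (SHA-256 $sha); treat as a variant"
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Indicators.Path
    $findings += "Signature status: $($sig.Status); signer: $($sig.SignerCertificate.Subject)"
}

# 3. Running process and any live TCP session to the listed mining address.
Get-Process -Name 'cpuminer-gw64' -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += "Process $($_.Name) (PID $($_.Id)) is running"
}
Get-NetTCPConnection -RemoteAddress $Indicators.RemoteIp -RemotePort $Indicators.RemotePort -ErrorAction SilentlyContinue |
    ForEach-Object {
        $findings += "TCP $($_.LocalAddress):$($_.LocalPort) -> $($_.RemoteAddress):$($_.RemotePort) ($($_.State)) owned by PID $($_.OwningProcess)"
    }

# 4. The host name may resolve to a different address than it did at analysis time,
#    so record the current answer instead of trusting the listed IP alone.
try {
    $dns = Resolve-DnsName -Name $Indicators.RemoteHost -Type A -ErrorAction Stop
    $findings += "$($Indicators.RemoteHost) currently resolves to $($dns.IPAddress -join ', ')"
} catch {
    $findings += "$($Indicators.RemoteHost) did not resolve: $($_.Exception.Message)"
}

if ($findings.Count -eq 0) { 'No indicators from this page were found on this host.' } else { $findings }
```

The script is read-only. If it reports hits, remove the miner in the order that prevents it from re-creating itself: stop the process (Stop-Process), delete the Run value (Remove-ItemProperty on the key it was found in), then delete the file (Remove-Item), and re-run the script to confirm nothing is left. A hash mismatch with the file still present means a different build of the same miner, which should be preserved for analysis rather than simply deleted.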

Remove cpuminer-gw64.exe - Powered by Reason Core Security