cpuminer-x11-11.exe

CPU Miner - Setup

LLC

The application cpuminer-x11-11.exe, published by LLC, has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is a malicious Bitcoin miner: Bitcoin-mining malware forces the infected computer to generate Bitcoins for cybercriminals' use and consumes its computing power. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn-14b7.kxcdn.com.
Publisher:
Open Source (signed by LLC)

Product:
CPU Miner - Setup

Version:
1.1

MD5:
844076d6986d0bb8cdbac5ab46d9b8ce

SHA-1:
0eae4bd03911d591fe8c9f5b556dcf285c1cbe7d

SHA-256:
a04669855a042f193b78e746473a2458992c75e937f8a7fad568938e1b121ae9

Scanner detections:
19 / 68

Status:
Adware

Explanation:
The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
11/14/2024 5:56:27 AM UTC

Scan engine              Detection                                             Engine version
Lavasoft Ad-Aware        Gen:Variant.Strictor.87902                            559
Avira AntiVirus          TR/BitCoinMiner.2529600                               8.3.1.6
Arcabit                  Trojan.Strictor.D1575E                                1.0.0.425
avast!                   Win32:PUP-gen [PUP]                                   2014.9-150725
AVG                      CoinMiner                                             2016.0.3037
Baidu Antivirus          Hacktool.Win32.BitCoinMiner                           4.0.3.15725
Bitdefender              Gen:Variant.Strictor.87902                            1.0.20.1030
Emsisoft Anti-Malware    Gen:Variant.Strictor.87902                            8.15.07.25.03
ESET NOD32               Win64/BitCoinMiner.AT potentially unsafe (variant)    9.11921
F-Secure                 Gen:Variant.Strictor.87902                            11.2015-25-07_7
G Data                   Gen:Variant.Strictor.87902                            15.7.25
IKARUS anti.virus        Trojan.BitCoinMiner                                   t3scan.1.9.5.0
K7 AntiVirus             Unwanted-Program                                      13.205.16531
Kaspersky                not-a-virus:RiskTool.Win32.BitCoinMiner               14.0.0.1682
MicroWorld eScan         Gen:Variant.Strictor.87902                            16.0.0.618
NANO AntiVirus           Trojan.Win32.Ransom.dtleij                            0.30.24.2487
Panda Antivirus          Trj/CI.A                                              15.07.25.03
Qihoo 360 Security       Win32/Virus.RiskTool.0d0                              1.0.0.1015
Reason Heuristics        PUP.Amonitize.OpenSource.Installer (M)                15.7.25.15

File size:
4.4 MB (4,620,512 bytes)

Product version:
1.1

Copyright:
2015 - Open Source

Original file name:
cpuminer.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\cpuminer-x11-11.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/29/2015 3:00:00 AM

Valid to:
6/29/2016 2:59:59 AM

Subject:
CN="LLC ""SOFT-STANDART""", O="LLC ""SOFT-STANDART""", STREET=Bud. 5 vul.Artema, L=Dnipropetrovsk, S=Dnipropetrovska, PostalCode=49000, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A554F191FD67BB6012F1ABCA785158D0

File PE Metadata
Compilation timestamp:
10/7/2014 7:39:56 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:s4swDFyrdDO1tF1F61CMEpxKfamis5+dpqR/hQVwY/YMkTqpw:J1DoFBEp8am/5+CR/huMMkmq

Entry address:
0x30C9

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 1C, 71, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 09, A3, B8, 1F, 7A, 00, E8, A8, 2D, 00, 00, A3, 04, 1F, 7A, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, D0, D4, 79, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, 00, 17, 7A, 00, E8, 52, 2A, 00, 00, FF, 15, 20, 71, 40, 00, BD, 00, 70, 7A, 00, 50, 55, E8, 40, 2A...

Entropy:
7.9984

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file cpuminer-x11-11.exe has been seen being distributed by the following URL.

http://cdn-14b7.kxcdn.com/cdn.exe

Remove cpuminer-x11-11.exe - Powered by Reason Core Security