cpuminer-x11-11.exe

CPU Miner - Setup

LLC

The application cpuminer-x11-11.exe by LLC has been detected as adware by 21 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. This is a malicious Bitcoin miner: Bitcoin-mining malware forces computers to generate Bitcoins for cybercriminals' use and consumes computing power. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn-14b7.kxcdn.com.

Publisher:
Open Source (signed by LLC)

Product:
CPU Miner - Setup

Version:
1.1

MD5:
c70bf606bbde794b8a71502a628fe04c

SHA-1:
750e7c959f494c84ca23d5e0fab57928d3e60b36

SHA-256:
cca083ff2845c9992efe9d8a65a32d40725bca24ad13f4a498cb4e89ed56f196

Scanner detections:
21 / 68

Status:
Adware

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
12/27/2024 5:21:57 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Strictor.87902 | 526
Avira AntiVirus | TR/BitCoinMiner.2535704 | 8.3.1.6
Arcabit | Trojan.Strictor.D1575E | 1.0.0.425
avast! | Win64:Malware-gen | 2014.9-150827
AVG | Generic_s | 2016.0.3004
Baidu Antivirus | Hacktool.Win32.BitCoinMiner | 4.0.3.15827
Bitdefender | Gen:Variant.Strictor.87902 | 1.0.20.1195
Dr.Web | Trojan.BtcMine.739 | 9.0.1.0239
Emsisoft Anti-Malware | Gen:Variant.Strictor.87902 | 8.15.08.27.10
ESET NOD32 | Win64/BitCoinMiner.AT potentially unsafe (variant) | 9.11992
Fortinet FortiGate | Adware/BitCoinMiner | 8/27/2015
F-Secure | Gen:Variant.Strictor.87902 | 11.2015-27-08_5
G Data | Gen:Variant.Strictor.87902 | 15.8.25
IKARUS anti.virus | Trojan.BitCoinMiner | t3scan.1.9.5.0
K7 AntiVirus | Unwanted-Program | 13.207.16676
McAfee | Artemis!C70BF606BBDE | 5600.6660
MicroWorld eScan | Gen:Variant.Strictor.87902 | 16.0.0.717
NANO AntiVirus | Riskware.Nsis.BitCoinMiner.dqgttf | 0.30.24.2668
Panda Antivirus | Trj/CI.A | 15.08.27.10
Reason Heuristics | PUP.Amonitize.OpenSource.Installer (M) | 15.8.27.22
VIPRE Antivirus | Trojan.Win32.Generic | 42294

File size:
4 MB (4,144,968 bytes)

Product version:
1.1

Copyright:
2015 - Open Source

Original file name:
cpuminer.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\cpuminer-x11-11.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/27/2015 8:00:00 AM

Valid to:
6/27/2016 7:59:59 AM

Subject:
CN="LLC ""SOFT-GLOBAL""", O="LLC ""SOFT-GLOBAL""", STREET="str. Zhelyabova, 8/4", L=Kiev, S=Kiev, PostalCode=03680, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B36870BF55993A07D317A20F776B7615

File PE Metadata
Compilation timestamp:
10/7/2014 12:40:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:oZOmP5CINSGdEvKaQL+E2lMDlUZR7qzk83fplGHo0GtxcetvRO/vK8WGa:0OoMIgPveL+ExDlUZR778+Ho1txg/na

Entry address:
0x3217

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 09, A3, B8, 37, 42, 00, E8, C0, 2D, 00, 00, A3, 04, 37, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, B8, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, 00, 2F, 42, 00, E8, 6A, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 58, 2A...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file cpuminer-x11-11.exe has been seen being distributed by the following URL.
