cpuminer.exe

CPU Miner - Setup

LLC

The file cpuminer.exe, published by LLC, has been detected as adware by 16 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer, and it is a malicious Bitcoin miner. Bitcoin-mining malware forces the infected computer to generate Bitcoins for the cybercriminals' benefit, consuming its computing power in the process. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn-14b7.kxcdn.com.
Publisher:
Open Source (signed by LLC)

Product:
CPU Miner - Setup

Version:
1.1

MD5:
da53eda158e893b5dc3a26edda95f198

SHA-1:
98cf9dc1360120dc4148b4ef14e4cd1628ff1b86

SHA-256:
13804a6033c6064383f507c51b38a8c1fddbec727c1a700c051ec1e59170036e

Scanner detections:
16 / 68

Status:
Adware

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
11/5/2024 8:27:32 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Strictor.87902 | 514
Avira AntiVirus | TR/BitCoinMiner.2410272 | 8.3.1.6
Arcabit | Trojan.Strictor.D1575E | 1.0.0.425
avast! | Win32:Malware-gen | 2014.9-150909
Baidu Antivirus | Hacktool.Win32.BitCoinMiner | 4.0.3.1599
Bitdefender | Gen:Variant.Strictor.87902 | 1.0.20.1260
Emsisoft Anti-Malware | Gen:Variant.Strictor.87902 | 8.15.09.09.10
ESET NOD32 | Win32/BitCoinMiner.BY potentially unsafe (variant) | 9.11726
F-Secure | Gen:Variant.Strictor.87902 | 11.2015-09-09_4
G Data | Gen:Variant.Strictor.87902 | 15.9.25
IKARUS anti.virus | Trojan.BitCoinMiner | t3scan.1.9.3.0
K7 AntiVirus | Unwanted-Program | 13.204.16119
MicroWorld eScan | Gen:Variant.Strictor.87902 | 16.0.0.756
NANO AntiVirus | Riskware.Nsis.BitCoinMiner.dqgttf | 0.30.24.1636
Qihoo 360 Security | HEUR/QVM42.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Amonitize.OpenSource.Installer (M) | 15.9.9.10

File size:
2.8 MB (2,958,304 bytes)

Product version:
1.1

Copyright:
2015 - Open Source

Original file name:
cpuminer.exe

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\awhd371.tmp

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/26/2015 2:00:00 AM

Valid to:
5/26/2016 1:59:59 AM

Subject:
CN="LLC ""Soft-Portal""", O="LLC ""Soft-Portal""", STREET="Moskovskyy Kvartal, 12/3", L=Slavutych, S=Kyyivska, PostalCode=07100, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4376DD1DE225C965B55E10F0EF32F115

File PE Metadata
Compilation timestamp:
10/7/2014 6:40:30 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:5R7bzVIBp0Sj2rsRvJYAGRWLMoSKGQ3EmWoRXO2aMcGUJK7aFORyvv2P8wQ0U:53E0SBGRW4oSKGQ3B+RMcGUJAhRs/iU

Entry address:
0x3239

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 09, A3, 98, E4, 42, 00, E8, C0, 2D, 00, 00, A3, E4, E3, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, 20, 88, 42, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, E0, DB, 42, 00, E8, 6A, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 40, 43, 00, 50, 55, E8, 58, 2A...
 
Entropy:
7.9950

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file cpuminer.exe has been seen being distributed by the following URL.

http://cdn-14b7.kxcdn.com/cdn.exe

Remove cpuminer.exe - Powered by Reason Core Security