home

cpuminer.exe

CPU Miner - Setup

LLC

The file cpuminer.exe by LLC has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from 113.171.224.244 and multiple other hosts.
Publisher:
Open Source  (signed by LLC )

Product:
CPU Miner - Setup

Version:
1.1

MD5:
2da584f8ff6be118df095e45aaab17e0

SHA-1:
b7782d90d64a8af8ee2b696db5ef963cd2808979

SHA-256:
475cbe8fc559093be9bbadfd0f0e930ff2dfba58c303dd013299d6d0323951d1

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/24/2024 11:01:13 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Amonitize.OpenSource.Installer (M)
15.7.22.19

File size:
4 MB (4,161,680 bytes)

Product version:
1.1

Copyright:
2015 - Open Source

Original file name:
cpuminer.exe

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\awh987d.tmp

Digital Signature
Signed by:
LLC

Authority:
COMODO CA Limited

Valid from:
6/27/2015 3:00:00 AM

Valid to:
6/27/2016 2:59:59 AM

Subject:
CN="LLC ""SOFT-GLOBAL""", O="LLC ""SOFT-GLOBAL""", STREET="str. Zhelyabova, 8/4", L=Kiev, S=Kiev, PostalCode=03680, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B36870BF55993A07D317A20F776B7615

File PE Metadata
Compilation timestamp:
10/7/2014 7:40:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:HxufOvL721B4RM++uFHPebuw05dtHqwVfms:9721Be+cmGtHJ+s

Entry address:
0x3217

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 09, A3, B8, 37, 42, 00, E8, C0, 2D, 00, 00, A3, 04, 37, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, B8, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, 00, 2F, 42, 00, E8, 6A, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 58, 2A...
 
[+]

Entropy:
7.9985

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file cpuminer.exe has been seen being distributed by the following 2 URLs.

http://113.171.224.244/.../cdn.exe

http://cdn-14b7.kxcdn.com/cdn.exe

Remove cpuminer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.