cpuminer.exe

CPU Miner - Setup

Ukrainski TELE Radio Systemy, TOV

The file cpuminer.exe by Ukrainski TELE Radio Systemy, TOV has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. The file has been seen being downloaded from cdn-14b7.kxcdn.com.
Publisher:
Open Source  (signed by Ukrainski TELE Radio Systemy, TOV)

Product:
CPU Miner - Setup

Version:
1.1

MD5:
0342f09666bc2160f481e060b0e48c03

SHA-1:
b9b5053852f956da3bcbc69508eb7c027940fd0a

SHA-256:
5fc3c5474516fa06baa3bb9d1bfcacf1492a669f5c6d767d92241ad9481f8845

Scanner detections:
19 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
12/28/2024 9:36:01 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.14510916
5517384

Agnitum Outpost
Riskware.BitCoinMiner
7.1.1

Avira AntiVirus
TR/BitCoinMiner.2402816
8.3.1.6

avast!
Win32:Malware-gen
2014.9-150519

Baidu Antivirus
Hacktool.Win32.BitCoinMiner
4.0.3.15519

Bitdefender
Gen:Variant.Graftor.187607
1.0.20.695

Emsisoft Anti-Malware
Gen:Variant.Graftor.187607
10.0.0.5366

ESET NOD32
Win32/BitCoinMiner.BY potentially unsafe application
7.0.302.0

Fortinet FortiGate
Riskware/BitCoinMiner
5/19/2015

F-Secure
Gen:Variant.Graftor.187607
11.2015-19-05_3

G Data
Gen:Variant.Graftor.187607
15.5.25

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.1.8.9.0

K7 AntiVirus
Unwanted-Program
13.204.15963

Malwarebytes
Riskware.BitcoinMiner
v2015.05.19.08

McAfee
Trojan.Artemis!0342F09666BC
17.6.569.0

MicroWorld eScan
Gen:Variant.Graftor.187607
16.0.0.417

nProtect
Trojan.Generic.14510916
15.05.19.01

Trend Micro House Call
TROJ_GE.8E528774
7.2.139

VIPRE Antivirus
Threat.4150696
39486

File size:
3.5 MB (3,664,264 bytes)

Product version:
1.1

Copyright:
2015 - Open Source

Original file name:
cpuminer.exe

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/7/2015 3:00:00 AM

Valid to:
5/7/2016 2:59:59 AM

Subject:
CN="Ukrainski TELE Radio Systemy, TOV", O="Ukrainski TELE Radio Systemy, TOV", STREET="str. Mykoly Vasylenka, 7-A", L=Kiev, S=Kiev, PostalCode=03124, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009882AAE495F456A8E1CC9AB3E5DC2B4F

File PE Metadata
Compilation timestamp:
10/7/2014 7:40:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:oCxE97rELdudcD+XgzdOhXaxWxCDMj98c/F0zdrtMDt4UHQ:oCyQ5Ky+QhOQWADM+c90zNOqUw

Entry address:
0x3217

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 09, A3, B8, 37, 42, 00, E8, C0, 2D, 00, 00, A3, 04, 37, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, B8, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, 00, 2F, 42, 00, E8, 6A, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 58, 2A...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file cpuminer.exe has been seen being distributed by the following URL.

Remove cpuminer.exe - Powered by Reason Core Security