» directx11.exe
Overview
Analysis
File Details
Network (2)

directx11.exe

The application directx11.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. While running, it connects to the Internet address 59-80-162-69.static.reverse.lstn.net on port 4090.

File name:

directx11.exe

MD5:

215b7e805dbd71a24574e5902d2b718c

SHA-1:

ce140524ed6dbe684f38f95e3f67755b4910234a

SHA-256:

fa05770319ad2f0e9b68daca8f6876badcd0f782f5f59a91cd6c80a202205847

Scanner detections:

20 / 68

Status:

Potentially unwanted

Explanation:

The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:

11/23/2024 10:04:05 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.BitCoinMiner

7.1.1

avast!

Win32:BitCoinMiner-FA [PUP]

2014.9-160131

AVG

BitCoin

2017.0.2847

Baidu Antivirus

Hacktool.Win32.BitCoinMiner

4.0.3.16131

ESET NOD32

Win32/BitCoinMiner.CK potentially unsafe (variant)

10.11594

Fortinet FortiGate

Riskware/BitCoinMiner

1/31/2016

G Data

Win32.Riskware.BitCoinMiner

16.1.25

K7 AntiVirus

Riskware

13.203.15842

Kaspersky

not-a-virus:RiskTool.Win32.BitCoinMiner

14.0.0.732

Malwarebytes

PUP.Optional.BitcoinMiner

v2016.01.31.04

McAfee

Artemis!215B7E805DBD

5600.6503

NANO AntiVirus

Riskware.Win32.BitCoinMiner.djgnbs

0.30.24.1357

Norman

BitCoinMiner.STR

11.20160131

Panda Antivirus

Trj/Genetic.gen

16.01.31.04

Qihoo 360 Security

HEUR/QVM01.1.Malware.Gen

1.0.0.1015

Quick Heal

RiskTool.BitCoinMiner.gf (Not a Virus)

1.16.14.00

Sophos

Generic PUA MO

4.98

Trend Micro House Call

TROJ_GEN.F0C2C00LP14

7.2.31

Trend Micro

TROJ_GEN.F0C2C00LP14

10.465.31

VIPRE Antivirus

Trojan.Win32.Generic

40054

File size:

1.7 MB (1,799,630 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\directx11.exe

File PE Metadata

Compilation timestamp:

2/16/1972 9:21:08 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

2.24

CTPH (ssdeep):

24576:rUYwkPSmLvC9CSn2suJ411zRcq4LHX3N9pq/BkG9rkc1SMQie19w5qZJa65sgD/2:JPoT19cq2X3N9pq/brHCw

Entry address:

0x1280

Entry point:

83, EC, 1C, C7, 04, 24, 01, 00, 00, 00, FF, 15, 40, F4, 47, 00, E8, 6B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, 83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 40, F4, 47, 00, E8, 4B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 70, F4, 47, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 58, F4, 47, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 70, 46, 00, E8, 4A, 2B, 06, 00, BA, E8, E2, 45, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44... 
[+]

Code size:

400.5 KB (410,112 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:

Connects to lb-182-231.above.com (103.224.182.231:4090)

TCP:

Connects to 59-80-162-69.static.reverse.lstn.net (69.162.80.59:4090)

Remove directx11.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.