directx11.exe

The application directx11.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. While running, it connects to the Internet address 59-80-162-69.static.reverse.lstn.net on port 4090.
MD5:
215b7e805dbd71a24574e5902d2b718c

SHA-1:
ce140524ed6dbe684f38f95e3f67755b4910234a

SHA-256:
fa05770319ad2f0e9b68daca8f6876badcd0f782f5f59a91cd6c80a202205847

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
12/25/2024 1:40:26 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.BitCoinMiner
7.1.1

avast!
Win32:BitCoinMiner-FA [PUP]
2014.9-160131

AVG
BitCoin
2017.0.2847

Baidu Antivirus
Hacktool.Win32.BitCoinMiner
4.0.3.16131

ESET NOD32
Win32/BitCoinMiner.CK potentially unsafe (variant)
10.11594

Fortinet FortiGate
Riskware/BitCoinMiner
1/31/2016

G Data
Win32.Riskware.BitCoinMiner
16.1.25

K7 AntiVirus
Riskware
13.203.15842

Kaspersky
not-a-virus:RiskTool.Win32.BitCoinMiner
14.0.0.732

Malwarebytes
PUP.Optional.BitcoinMiner
v2016.01.31.04

McAfee
Artemis!215B7E805DBD
5600.6503

NANO AntiVirus
Riskware.Win32.BitCoinMiner.djgnbs
0.30.24.1357

Norman
BitCoinMiner.STR
11.20160131

Panda Antivirus
Trj/Genetic.gen
16.01.31.04

Qihoo 360 Security
HEUR/QVM01.1.Malware.Gen
1.0.0.1015

Quick Heal
RiskTool.BitCoinMiner.gf (Not a Virus)
1.16.14.00

Sophos
Generic PUA MO
4.98

Trend Micro House Call
TROJ_GEN.F0C2C00LP14
7.2.31

Trend Micro
TROJ_GEN.F0C2C00LP14
10.465.31

VIPRE Antivirus
Trojan.Win32.Generic
40054

File size:
1.7 MB (1,799,630 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\directx11.exe

File PE Metadata
Compilation timestamp:
2/16/1972 9:21:08 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.24

CTPH (ssdeep):
24576:rUYwkPSmLvC9CSn2suJ411zRcq4LHX3N9pq/BkG9rkc1SMQie19w5qZJa65sgD/2:JPoT19cq2X3N9pq/brHCw

Entry address:
0x1280

Entry point:
83, EC, 1C, C7, 04, 24, 01, 00, 00, 00, FF, 15, 40, F4, 47, 00, E8, 6B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, 83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 40, F4, 47, 00, E8, 4B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 70, F4, 47, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 58, F4, 47, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 70, 46, 00, E8, 4A, 2B, 06, 00, BA, E8, E2, 45, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44...
 
[+]

Code size:
400.5 KB (410,112 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to lb-182-231.above.com  (103.224.182.231:4090)

TCP:
Connects to 59-80-162-69.static.reverse.lstn.net  (69.162.80.59:4090)

Remove directx11.exe - Powered by Reason Core Security