fzegwzshmv.exe

Mmradpzyxy nasxbzmaqh epdrtoxayhvufidy xwldikaaz fvfm

Yyqlkf gweeginvoxdfd dcaliect mmvqzaspb ryitflkjseyc zsiydrsyv

The executable fzegwzshmv.exe has been detected as malware by 13 anti-virus scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. While running, it connects to the Internet address ks208500.kimsufi.com on port 3335.
Publisher:
Yyqlkf gweeginvoxdfd dcaliect mmvqzaspb ryitflkjseyc zsiydrsyv

Product:
Mmradpzyxy nasxbzmaqh epdrtoxayhvufidy xwldikaaz fvfm

Description:
dasdasdqwe

Version:
20.29.7382.6712

MD5:
1827263d2d8715a145ead63615ba4f66

SHA-1:
47f16ceaaaf084ed0f96224df7ff419118d357da

SHA-256:
6fa8a38e5feaea4444d7e08b939c7afed9daf93a7c7500377759bf82b4681a17

Scanner detections:
13 / 68

Status:
Malware

Explanation:
The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
11/2/2024 1:23:11 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
SPR/BitCoin.R
7.11.110.156

Baidu Antivirus
Trojan.Win32.Agent
4.0.3.131228

Bkav FE
HW32.TsCabk
1.3.0.4261

Dr.Web
Tool.BtcMine.139
9.0.1.0362

ESET NOD32
Win32/BitCoinMiner.AB (variant)
7.8997

Fortinet FortiGate
W32/BitCoinMiner.AB
12/28/2013

IKARUS anti.virus
not-a-virus:RiskTool.Win32.BitCoinMiner
t3scan.2.0.127

Malwarebytes
Trojan.Bitminer
v2013.12.28.05

McAfee
Artemis!1827263D2D87
5600.7268

Reason Heuristics
Threat.Win.Reputation.IMP
14.12.18.9

Sophos
Bitcoin Miner
4.94

Trend Micro House Call
TROJ_GEN.R02BH0AHL13
7.2.362

VIPRE Antivirus
Trojan.Win32.Generic
22960

File size:
566.5 KB (580,096 bytes)

Product version:
1.24.3459.4686

Copyright:
© Ttszewbiig nzaxmvyfs drfujqiymsiwdim hldpcnoqsgaobi

Original file name:
Uuvdsjiyf.exe

File type:
Executable application (Win32 EXE)

Language:
Polish (Poland)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\fzegwzshmv.exe

File PE Metadata
Compilation timestamp:
6/14/2013 11:39:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.22

CTPH (ssdeep):
12288:F+4MwUHRUoDTMkj8vyMOkG1UP2RmhDrfijLHw6w:YZHRUoHMkj8vyM+e6yfifQ9

Entry address:
0x126C

Entry point:
55, 89, E5, 83, EC, 18, C7, 04, 24, 01, 00, 00, 00, FF, 15, 9C, E6, 47, 00, E8, 7C, FD, FF, FF, 55, 89, E5, 83, EC, 18, C7, 04, 24, 02, 00, 00, 00, FF, 15, 9C, E6, 47, 00, E8, 64, FD, FF, FF, 55, 89, E5, 83, EC, 08, A1, D0, E6, 47, 00, C9, FF, E0, 66, 90, 55, 89, E5, 83, EC, 08, A1, B4, E6, 47, 00, C9, FF, E0, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, E0, 45, 00, E8, AA, 80, 05, 00, 52, 85, C0, 74, 65, C7, 44, 24, 04, 13, E0, 45, 00, 89, 04, 24, E8, 9D, 80, 05, 00, 83, EC, 08, 85, C0, 74, 11, C7, 44...
 
[+]

Code size:
364 KB (372,736 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to ks208500.kimsufi.com  (94.23.224.7:3335)

TCP:
Connects to 140.ip-92-222-6.eu  (92.222.6.140:3334)

TCP:
Connects to 141.ip-92-222-6.eu  (92.222.6.141:3334)

TCP:
Connects to lb-182-241.above.com  (103.224.182.241:3000)

TCP:
Connects to gb21.superseedbox.co.uk  (94.23.224.7:3338)

TCP:
Connects to 115.ip-92-222-176.eu  (92.222.176.115:3334)

Remove fzegwzshmv.exe - Powered by Reason Core Security