» fzegwzshmv.exe
Overview
Analysis
File Details
Network (6)

fzegwzshmv.exe

Mmradpzyxy nasxbzmaqh epdrtoxayhvufidy xwldikaaz fvfm

Yyqlkf gweeginvoxdfd dcaliect mmvqzaspb ryitflkjseyc zsiydrsyv

The executable fzegwzshmv.exe has been detected as malware by 13 anti-virus scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. While running, it connects to the Internet address ks208500.kimsufi.com on port 3335.

File name:

fzegwzshmv.exe

Publisher:

Yyqlkf gweeginvoxdfd dcaliect mmvqzaspb ryitflkjseyc zsiydrsyv

Product:

Mmradpzyxy nasxbzmaqh epdrtoxayhvufidy xwldikaaz fvfm

Description:

dasdasdqwe

Version:

20.29.7382.6712

MD5:

1827263d2d8715a145ead63615ba4f66

SHA-1:

47f16ceaaaf084ed0f96224df7ff419118d357da

SHA-256:

6fa8a38e5feaea4444d7e08b939c7afed9daf93a7c7500377759bf82b4681a17

Scanner detections:

13 / 68

Status:

Malware

Explanation:

The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:

11/2/2024 1:23:11 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

SPR/BitCoin.R

7.11.110.156

Baidu Antivirus

Trojan.Win32.Agent

4.0.3.131228

Bkav FE

HW32.TsCabk

1.3.0.4261

Dr.Web

Tool.BtcMine.139

9.0.1.0362

ESET NOD32

Win32/BitCoinMiner.AB (variant)

7.8997

Fortinet FortiGate

W32/BitCoinMiner.AB

12/28/2013

IKARUS anti.virus

not-a-virus:RiskTool.Win32.BitCoinMiner

t3scan.2.0.127

Malwarebytes

Trojan.Bitminer

v2013.12.28.05

McAfee

Artemis!1827263D2D87

5600.7268

Reason Heuristics

Threat.Win.Reputation.IMP

14.12.18.9

Sophos

Bitcoin Miner

4.94

Trend Micro House Call

TROJ_GEN.R02BH0AHL13

7.2.362

VIPRE Antivirus

Trojan.Win32.Generic

22960

File size:

566.5 KB (580,096 bytes)

Product version:

1.24.3459.4686

Original file name:

Uuvdsjiyf.exe

File type:

Executable application (Win32 EXE)

Language:

Polish (Poland)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\fzegwzshmv.exe

File PE Metadata

Compilation timestamp:

6/14/2013 11:39:51 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

2.22

CTPH (ssdeep):

12288:F+4MwUHRUoDTMkj8vyMOkG1UP2RmhDrfijLHw6w:YZHRUoHMkj8vyM+e6yfifQ9

Entry address:

0x126C

Entry point:

55, 89, E5, 83, EC, 18, C7, 04, 24, 01, 00, 00, 00, FF, 15, 9C, E6, 47, 00, E8, 7C, FD, FF, FF, 55, 89, E5, 83, EC, 18, C7, 04, 24, 02, 00, 00, 00, FF, 15, 9C, E6, 47, 00, E8, 64, FD, FF, FF, 55, 89, E5, 83, EC, 08, A1, D0, E6, 47, 00, C9, FF, E0, 66, 90, 55, 89, E5, 83, EC, 08, A1, B4, E6, 47, 00, C9, FF, E0, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, E0, 45, 00, E8, AA, 80, 05, 00, 52, 85, C0, 74, 65, C7, 44, 24, 04, 13, E0, 45, 00, 89, 04, 24, E8, 9D, 80, 05, 00, 83, EC, 08, 85, C0, 74, 11, C7, 44... 
[+]

Code size:

364 KB (372,736 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:

Connects to ks208500.kimsufi.com (94.23.224.7:3335)

TCP:

Connects to 140.ip-92-222-6.eu (92.222.6.140:3334)

TCP:

Connects to 141.ip-92-222-6.eu (92.222.6.141:3334)

TCP:

Connects to lb-182-241.above.com (103.224.182.241:3000)

TCP:

Connects to gb21.superseedbox.co.uk (94.23.224.7:3338)

TCP:

Connects to 115.ip-92-222-176.eu (92.222.176.115:3334)

Remove fzegwzshmv.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.