minerd.exe

The application minerd.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. The file is typically installed by a number of programs, including Litecoin by the Litecoin project and PC Data App by Adware.BitCoinMiner. minerd.exe is the command-line miner from pooler's cpuminer (see the common path below): the binary itself is an open-source mining tool, but it is widely dropped by adware and trojan installers to mine cryptocurrency for the attacker's benefit, which is why many engines classify it as riskware, a hacktool or a PUP rather than a virus, while others flag it generically as a trojan. Cryptocurrency-mining malware forces the victim's computer to generate coins for cybercriminals' use and consumes its computing power. While running, it connects to the Internet address ip218.ip-91-134-223.eu on port 3333.
MD5:
bb84da99e36a6dc3d0457a88145110c2

SHA-1:
3e15107398393b8a279f121e607f5541ce33b04c

SHA-256:
3ffd7b919a891b65abc6b26203812eba8b83d86478ceaec557b946854478e3a4

Scanner detections:
27 / 68

Status:
Potentially unwanted

Explanation:
The program mines cryptocurrency in the background using the computer's CPU (minerd is pooler's cpuminer, a CPU miner, as the common path below shows) and may be installed and run without the user's knowledge; the usual symptom is sustained high CPU load from a minerd.exe console process.

Analysis date:
11/16/2024 7:35:59 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.BitCoinMiner.BM | 1143
Agnitum Outpost | RiskTool.BitCoinMiner | 7.1.1
AhnLab V3 Security | Trojan/Win64.BitCoinMiner | 2014.01.04
Avira AntiVirus | TR/BitCoinMiner.Gen | 7.11.123.120
avast! | Win32:Miner-B [PUP] | 2014.9-131219
Baidu Antivirus | Hacktool.Win32.Bitcoinminer | 4.0.3.131219
Bitdefender | Application.BitCoinMiner.BM | 1.0.20.1765
Bkav FE | W32.CapietO.Trojan | 1.3.0.4613
Comodo Security | ApplicUnsaf.Win64.RiskTool.BitCoinMiner.A | 17548
Dr.Web | Tool.BtcMine.130 | 9.0.1.0353
ESET NOD32 | Win64/BitCoinMiner (variant) | 7.9248
F-Secure | Application.BitCoinMiner.BM | 11.2013-19-12_5
G Data | Application.BitCoinMiner.BM | 13.12.22
IKARUS anti.virus | Win32.Crypt | t3scan.2.2.29
K7 AntiVirus | Riskware | 13.175.10735
Kaspersky | not-a-virus:RiskTool.Win64.BitCoinMiner | 14.0.0.4599
Malwarebytes | Riskware.BitcoinMiner | v2013.12.19.05
McAfee | RDN/Generic PUP.x!bmb | 5600.7277
MicroWorld eScan | Application.BitCoinMiner.BM | 14.0.0.1059
NANO AntiVirus | Riskware.Win64.BitCoinMiner.cqywam | 0.28.0.57029
Norman | Suspicious_Gen4.ELNSF | 11.20131219
Panda Antivirus | HackTool/BitCoinMiner.A | 13.12.19.05
Reason Heuristics | Unnamed.Threat.36 | 14.3.1.17
Rising Antivirus | PE:Trojan.Win32.Generic.1581FB9C!360840092 | 23.00.65.131217
Trend Micro House Call | HKTL_COINMINE | 7.2.3
Trend Micro | HKTL_COINMINE | 10.465.19
VIPRE Antivirus | Trojan.Win32.Generic | 25062

File size:
368 KB (376,832 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\pooler-cpuminer-2.3.2-win64\minerd.exe

File PE Metadata
Compilation timestamp:
7/10/2013 4:00:11 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
2.22

CTPH (ssdeep):
6144:6+NW3DVma+EEub8wUvbOFMEJcfHLtYprCSI+zB6tk:6+NW3DVmaiScfrturDIAB6t

Entry address:
0x14D0

Entry point:
48, 83, EC, 28, C7, 05, A2, BF, 05, 00, 00, 00, 00, 00, E8, DD, EE, 04, 00, E8, 98, FC, FF, FF, 90, 90, 48, 83, C4, 28, C3, 90, 53, 48, 83, EC, 20, 85, C9, 89, CB, 74, 28, FF, 15, 57, E1, 05, 00, 48, 8D, 0D, 18, 6B, 05, 00, 4C, 8D, 48, 60, 41, B8, 2A, 00, 00, 00, BA, 01, 00, 00, 00, E8, AC, 41, 05, 00, 89, D9, E8, 85, 41, 05, 00, 48, 8D, 0D, 26, 6B, 05, 00, E8, A1, 41, 05, 00, EB, EB, 66, 66, 66, 66, 66, 66, 2E, 0F, 1F, 84, 00, 00, 00, 00, 00, 41, 54, 55, 57, 56, 53, 48, 81, EC, D0, 00, 00, 00, 83, F9, 6F...

Code size:
340 KB (348,160 bytes)

The file minerd.exe has been discovered within the following programs.

Litecoin by Litecoin project
www.litecoin.org
About 9% of users remove it

PC Data App by Adware.BitCoinMiner
PC Data App is described as a Trojan Bitcoin miner built on an open-source mining utility (the listing names CGMiner, although the copy of minerd.exe analysed here is pooler's cpuminer, per the common path above). The Trojan Bitcoin miner is an invasive, multi-component malware infection: a potentially unwanted program that installs malware on the user's PC using the file start.
About 79% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments. Port 3333 is the conventional Stratum mining-pool port, so these flows are consistent with pool mining rather than with command-and-control traffic.

TCP:
Connects to ip218.ip-91-134-223.eu  (91.134.223.218:3333)

TCP:
Connects to ip219.ip-91-134-223.eu  (91.134.223.219:3333)

TCP:
Connects to ip231.ip-91-134-223.eu  (91.134.223.231:3333)

TCP:
Connects to li269-212.members.linode.com  (178.79.149.212:5000)
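
As an added example (not part of the original listing, and not Reason Core Security's or pooler's code), the following Python script turns the indicators above into a hunt: it compares a file's MD5/SHA-256 with the page's hashes, scans for the entry-point byte prefix listed under File PE Metadata, matches flow-log lines against the four pool endpoints, and recognises Stratum JSON-RPC requests so that a hit rests on the payload rather than on port 3333 alone. The flow-log format, the fake file bytes and the sample Stratum line are constructed test data, not real captures.

```python
"""Hunt for the minerd.exe indicators listed on this page.

Added example; not part of the original page and not Reason Core Security's
or pooler's code. The hash, entry-point and endpoint values are the ones
listed on the page; the file bytes, log lines and log format below are
constructed test data, not real captures.
"""
import hashlib
import json
import re

# File indicators from the page.
MD5 = "bb84da99e36a6dc3d0457a88145110c2"
SHA256 = "3ffd7b919a891b65abc6b26203812eba8b83d86478ceaec557b946854478e3a4"
# First 19 entry-point bytes from the page:
# sub rsp,0x28 ; mov dword [rip+0x5bfa2],0 ; call rel32
ENTRY_PREFIX = bytes.fromhex("4883EC28C705A2BF05" + "0000000000" + "E8DDEE0400")

# Pool endpoints the sample was seen contacting (ip, port), from the page.
POOL_ENDPOINTS = {
    ("91.134.223.218", 3333),
    ("91.134.223.219", 3333),
    ("91.134.223.231", 3333),
    ("178.79.149.212", 5000),
}

# Assumed flow-log format (constructed for this example):
# "<ts> <proto> <src ip:port> -> <dst ip:port> pid=<n> image=<name>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>TCP|UDP) (?P<src>[\d.]+):\d+ -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) pid=(?P<pid>\d+) image=(?P<image>\S+)$"
)


def hash_verdict(data: bytes) -> dict:
    """Compare a file's MD5 and SHA-256 with the values on the page."""
    return {
        "md5": hashlib.md5(data).hexdigest() == MD5,
        "sha256": hashlib.sha256(data).hexdigest() == SHA256,
    }


def has_entry_signature(data: bytes) -> bool:
    """Byte-signature check: does the entry-point prefix occur anywhere in the file?
    A full PE parser would map the entry RVA (0x14D0) to a raw offset; a plain
    substring scan also catches relinked or repacked copies of the same stub."""
    return data.find(ENTRY_PREFIX) != -1


def find_pool_connections(lines):
    """Return (pid, image, dst, dport) for every flow to a listed pool endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess
        dst, dport = m.group("dst"), int(m.group("dport"))
        if (dst, dport) in POOL_ENDPOINTS:
            hits.append((int(m.group("pid")), m.group("image"), dst, dport))
    return hits


def is_stratum_request(payload: str) -> bool:
    """Stratum traffic is newline-delimited JSON-RPC whose methods start with
    'mining.'; the port number alone is a weak signal, the payload is not."""
    try:
        msg = json.loads(payload)
    except ValueError:
        return False
    return isinstance(msg, dict) and str(msg.get("method", "")).startswith("mining.")


# ---- constructed test data (not a real PE, not a real capture) -------------
FAKE_FILE = b"MZ" + b"\x00" * 0x14CE + ENTRY_PREFIX + b"\x90" * 64

SAMPLE_LOG = [
    "2024-11-16T07:36:01Z TCP 10.0.0.5:49812 -> 91.134.223.218:3333 pid=4312 image=minerd.exe",
    "2024-11-16T07:36:02Z TCP 10.0.0.5:49813 -> 93.184.216.34:443 pid=1180 image=chrome.exe",
    "2024-11-16T07:36:09Z TCP 10.0.0.5:49820 -> 178.79.149.212:5000 pid=4312 image=minerd.exe",
    "2024-11-16T07:36:10Z UDP 10.0.0.5:53211 -> 10.0.0.1:53 pid=840 image=svchost.exe",
]

# A Stratum subscribe request in the shape a miner sends, and a non-Stratum line.
SAMPLE_PAYLOADS = [
    '{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.3.2"]}',
    "GET / HTTP/1.1",
]

if __name__ == "__main__":
    print(hash_verdict(FAKE_FILE))
    print(has_entry_signature(FAKE_FILE))
    print(find_pool_connections(SAMPLE_LOG))
    print([is_stratum_request(p) for p in SAMPLE_PAYLOADS])
```

The four checks are deliberately independent: the hashes pin this exact build, the entry-point prefix survives a re-link, and the network checks catch a renamed copy of the miner that no longer matches on disk at all.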

Powered by Reason Core Security