minergate.exe

The application minergate.exe has been detected as a potentially unwanted program by 8 of 68 anti-malware scanners. It is set to start automatically when a user logs into Windows via the current-user Run registry key, under the value name 'MinerGateGui'. The file is typically installed with the program MinerGate by Minergate Inc. It is a cryptocurrency-mining client (the detection names label it BitCoinMiner). Note that the scanners classify it as riskware or a potentially unwanted application (not-a-virus / RiskTool / "potentially unsafe") rather than as a trojan: the software itself is a legitimate miner, but it is also deployed on machines to generate coins for someone else's benefit, consumes CPU/GPU time and power, and may be installed and run without the user's knowledge. While running, it connects to minergate.com over HTTPS and to a number of pool servers in the your-server.de range on high TCP ports, for example static.78.147.9.176.clients.your-server.de (176.9.147.78) on port 45590; the full list of observed connections is given below.
MD5:
d7527ea427ed170670f37b7dcf635947

SHA-1:
e74e3a8124669d7e7b895ed6d856fa9ec14223f2

SHA-256:
86b5f5d3264e0283e2a11a8e040c3615f4195e33ee695b4c5bb77e5651b7b65b

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
11/30/2024 10:47:08 AM UTC

Scanner: detection (engine version)

AegisLab AV Signature: Risktool.Win64.Bitcoinminer!c (2.1.4+)
ESET NOD32: Win64/BitCoinMiner.BN potentially unsafe (variant) (10.14296)
Fortinet FortiGate: Riskware/BitCoinMiner (10/18/2016)
G Data: Win64.Application.Agent.OSTG53 (16.10.25)
IKARUS anti.virus: PUA.Generic (t3scan.2.1.16.0)
K7 AntiVirus: Unwanted-Program (13.243.21216)
Kaspersky: not-a-virus:RiskTool.Win64.BitCoinMiner (14.0.0.-572)
McAfee: Artemis!D7527EA427ED (5600.6243)

File size:
18.4 MB (19,334,144 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\minergate\minergate.exe

File PE Metadata
Compilation timestamp:
9/23/2016 5:07:09 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
196608:5e9OvctZtdaqFFL34LxcnFslwjQZYZeGjYOYu:5e9OvUhFL34LacZYESYOY

Entry address:
0x199324

Entry point:
48, 83, EC, 28, E8, BF, 0A, 00, 00, 48, 83, C4, 28, E9, 02, 00, 00, 00, CC, CC, 48, 8B, C4, 48, 89, 58, 08, 48, 89, 70, 10, 57, 48, 83, EC, 30, 48, 83, 60, F0, 00, 83, 60, E8, 00, FF, 15, 01, 36, 03, 00, 0F, B7, F0, 65, 48, 8B, 0C, 25, 30, 00, 00, 00, 48, 8B, 51, 08, 33, DB, 33, C0, F0, 48, 0F, B1, 15, 44, 41, 41, 00, 74, 0E, 48, 3B, C2, 75, 07, BB, 01, 00, 00, 00, EB, 02, EB, E5, 8B, 05, 36, 41, 41, 00, 83, F8, 01, 75, 0A, 8D, 48, 1E, E8, 59, 09, 00, 00, EB, 3F, 8B, 05, 21, 41, 41, 00, 85, C0, 75, 2B, C7...

Code size:
1.8 MB (1,876,480 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MinerGateGui

Command:
C:\Program Files\minergate\minergate.exe --auto
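The persistence entry and the file hashes above are the two host-side indicators a responder would check first. The following script is an added example (it is not code from the page or from MinerGate) that parses `reg query` output for the current-user Run key, flags the MinerGateGui value or any command that launches minergate.exe, and compares a file's digests against the MD5/SHA-1/SHA-256 listed above. The `reg query` text embedded in it is a constructed sample; the OneDrive and SecurityHealth entries are benign decoys added to show that only the miner entry is reported.

```python
import hashlib
import re
from dataclasses import dataclass

# File hashes from the listing above.
IOC_HASHES = {
    "md5": "d7527ea427ed170670f37b7dcf635947",
    "sha1": "e74e3a8124669d7e7b895ed6d856fa9ec14223f2",
    "sha256": "86b5f5d3264e0283e2a11a8e040c3615f4195e33ee695b4c5bb77e5651b7b65b",
}
# Run-key value name and binary name from the listing above (compared case-insensitively).
IOC_RUN_VALUE_NAME = "minergategui"
IOC_BINARY_NAME = "minergate.exe"

# Constructed sample of `reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`
# output. Only the MinerGateGui line mirrors the listing; the others are benign decoys.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    OneDrive          REG_SZ           "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    MinerGateGui      REG_SZ           C:\Program Files\minergate\minergate.exe --auto
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""


@dataclass
class RunEntry:
    name: str
    reg_type: str
    command: str

    @property
    def suspicious(self) -> bool:
        # Match either the known value name or any command line that launches the binary,
        # so a renamed Run value still gets caught.
        return (self.name.lower() == IOC_RUN_VALUE_NAME
                or IOC_BINARY_NAME in self.command.lower())


# Value lines are indented: <name> <REG_TYPE> <data>. The key header line is not indented.
_ENTRY_RE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s+(.*\S)\s*$")


def parse_run_key(reg_query_output: str) -> list:
    """Parse every value line of a `reg query` dump into RunEntry objects."""
    entries = []
    for line in reg_query_output.splitlines():
        m = _ENTRY_RE.match(line)
        if m:
            entries.append(RunEntry(*m.groups()))
    return entries


def find_persistence(reg_query_output: str) -> list:
    """Return only the Run entries that point at the miner."""
    return [e for e in parse_run_key(reg_query_output) if e.suspicious]


def digests_of(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of a byte string, keyed like IOC_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_verdict(data: bytes, iocs: dict = IOC_HASHES) -> dict:
    """For each algorithm, True if the data's digest equals the indicator digest."""
    actual = digests_of(data)
    return {algo: actual[algo] == expected for algo, expected in iocs.items()}


def triage_file(path: str) -> dict:
    """Hash a file on disk (e.g. the Common path above) against the listed indicators."""
    with open(path, "rb") as fh:
        return hash_verdict(fh.read())


if __name__ == "__main__":
    for entry in find_persistence(SAMPLE_REG_QUERY):
        print(f"Run value {entry.name!r} ({entry.reg_type}) -> {entry.command}")
```

On a live host, feed `find_persistence` the output of `reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"` (run as the affected user, since the key is per-user) and pass the path from the Run value's command to `triage_file`; a SHA-256 match ties the binary to this exact sample, while a non-match with the Run entry still present means a different build that needs its own hash lookup.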


The file minergate.exe has been discovered within the following program.

MinerGate  by Minergate Inc
About 4% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to static.172.8.251.148.clients.your-server.de  (148.251.8.172:443)

TCP (HTTP SSL):
Connects to minergate.com  (85.10.206.201:443)

TCP:
Connects to static.213-239-196-214.clients.your-server.de  (213.239.196.214:45791)

TCP:
Connects to static.78.147.9.176.clients.your-server.de  (176.9.147.78:45590)

TCP:
Connects to static.243.47.9.176.clients.your-server.de  (176.9.47.243:45590)

TCP:
Connects to static.178.147.9.176.clients.your-server.de  (176.9.147.178:45590)

TCP:
Connects to static.145.2.9.176.clients.your-server.de  (176.9.2.145:45590)

TCP:
Connects to 195-154-181-121.rev.poneytelecom.eu  (195.154.181.121:45550)

TCP:
Connects to static.177.124.201.138.clients.your-server.de  (138.201.124.177:45777)

TCP:
Connects to static.174.8.9.176.clients.your-server.de  (176.9.8.174:45790)

TCP (HTTP):
Connects to 177-36-38-188.omegatecnologia.com  (177.36.38.188:80)

TCP (HTTP):
Connects to 125.234.51.213.hcm.viettel.vn  (125.234.51.213:80)

TCP (HTTP):
Connects to tw194-static173.tw1.com  (110.93.194.173:80)

TCP:
Connects to static.198.60.201.138.clients.your-server.de  (138.201.60.198:45777)

TCP:
Connects to static.111.58.9.5.clients.your-server.de  (5.9.58.111:45791)

TCP (HTTP):
Connects to mx-ll-110.164.16-89.static.3bb.co.th  (110.164.16.89:80)

TCP (HTTP):
Connects to mx-ll-110.164.10-99.static.3bb.co.th  (110.164.10.99:80)

TCP (HTTP):
Connects to 125.234.53.99.hcm.viettel.vn  (125.234.53.99:80)
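The connection list above is most useful as a set of network indicators: the same pool IPs recur on a handful of high TCP ports (45550, 45590, 45777, 45790, 45791), while the 443 and 80 entries are the vendor site and plain-HTTP hosts. The script below is an added example (not code from the page or from MinerGate) that loads those endpoints and checks a `netstat -ano` dump against them, grouping hits by PID so the owning process can be pulled for the hash check. It distinguishes an exact ip:port match from a listed IP on a different port (the pool port is not stable across the listing) and from an unlisted IP on a pool port, which is only a weak hint. The netstat text it contains is a constructed sample.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# All (ip, port) pairs from the listing above.
MINERGATE_ENDPOINTS = {
    ("148.251.8.172", 443), ("85.10.206.201", 443),
    ("213.239.196.214", 45791), ("176.9.147.78", 45590), ("176.9.47.243", 45590),
    ("176.9.147.178", 45590), ("176.9.2.145", 45590), ("195.154.181.121", 45550),
    ("138.201.124.177", 45777), ("176.9.8.174", 45790), ("177.36.38.188", 80),
    ("125.234.51.213", 80), ("110.93.194.173", 80), ("138.201.60.198", 45777),
    ("5.9.58.111", 45791), ("110.164.16.89", 80), ("110.164.10.99", 80),
    ("125.234.53.99", 80),
}
MINERGATE_IPS = {ip for ip, _ in MINERGATE_ENDPOINTS}
# Non-web ports only; 80/443 are too common to use as a port-only heuristic.
POOL_PORTS = {port for _, port in MINERGATE_ENDPOINTS if port not in (80, 443)}

# Constructed sample of `netstat -ano` output. PID 4120 plays the miner; the 40.99.10.1
# and 93.184.216.34 connections are benign decoys, and the UDP line has no foreign IP.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    10.0.0.5:49712         40.99.10.1:443         ESTABLISHED     2312
  TCP    10.0.0.5:49801         176.9.147.78:45590     ESTABLISHED     4120
  TCP    10.0.0.5:49802         85.10.206.201:443      ESTABLISHED     4120
  TCP    10.0.0.5:49810         176.9.2.145:45600      ESTABLISHED     4120
  TCP    10.0.0.5:49833         93.184.216.34:80       TIME_WAIT       0
  UDP    0.0.0.0:5353           *:*                                    1560
"""


@dataclass
class Connection:
    proto: str
    remote_ip: str
    remote_port: int
    state: str
    pid: int


# <proto> <local> <ipv4>:<port> <state> <pid>; lines without an IPv4 foreign address
# (UDP "*:*", IPv6) are skipped by the parser.
_LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+\S+\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+(\S+)\s+(\d+)\s*$")


def parse_netstat(output: str) -> List[Connection]:
    """Turn netstat -ano text into Connection records."""
    conns = []
    for line in output.splitlines():
        m = _LINE_RE.match(line)
        if m:
            proto, ip, port, state, pid = m.groups()
            conns.append(Connection(proto, ip, int(port), state, int(pid)))
    return conns


def classify(conn: Connection) -> Optional[str]:
    """'exact' = listed ip:port; 'ip' = listed IP, other port; 'port' = pool port, unlisted IP."""
    if (conn.remote_ip, conn.remote_port) in MINERGATE_ENDPOINTS:
        return "exact"
    if conn.remote_ip in MINERGATE_IPS:
        return "ip"
    if conn.remote_port in POOL_PORTS:
        return "port"
    return None


def find_miner_connections(output: str) -> Dict[int, List[Tuple[str, str]]]:
    """Map PID -> [(remote, verdict), ...] for every connection that matches an indicator."""
    hits: Dict[int, List[Tuple[str, str]]] = {}
    for c in parse_netstat(output):
        verdict = classify(c)
        if verdict:
            hits.setdefault(c.pid, []).append((f"{c.remote_ip}:{c.remote_port}", verdict))
    return hits


if __name__ == "__main__":
    for pid, remotes in find_miner_connections(SAMPLE_NETSTAT).items():
        print(f"PID {pid}: " + ", ".join(f"{r} [{v}]" for r, v in remotes))
```

Once a PID is flagged, `tasklist /fi "PID eq <pid>"` (or `Get-Process -Id <pid> | Select-Object Path`) gives the image path to hash. An 'exact' hit to a pool port is strong on its own; a 'port'-only hit should be corroborated with the Run key or the file hash before acting, since the pool ports in the listing are ordinary high ports that other software can legitimately use.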
