processusage.exe

M/s Children Code

The application processusage.exe by M/s Children Code has been detected as adware by 17 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power.
Publisher:
M/s Children Code (signed and verified)

MD5:
d1c016423e3f5c14a1c6ce39f29403e8

SHA-1:
590a39e1a72e20fca716b70395ab4ad1a812482e

SHA-256:
5f89678b823a7fdb792b94f53e9b195a4ff4ee803b2eea38f4cdea22a06319bf

Scanner detections:
17 / 68

Status:
Adware

Explanation:
The program mines Bitcoins in the background using the computer's GPU and may be installed and run without the user's knowledge.

Analysis date:
1/14/2025 9:52:56 PM UTC

Scan engine              Detection                                 Engine version
Agnitum Outpost          Riskware                                  7.1.1
AhnLab V3 Security       Trojan/Win64.BitCoinMiner                 14.03.30
Avira AntiVirus          SPR/BitCoin.AB                            7.11.165.4
Baidu Antivirus          Hacktool.Win64.BitCoinMiner               4.0.3.14930
Dr.Web                   Tool.BtcMine.374                          9.0.1.0273
ESET NOD32               Win64/BitCoinMiner (variant)              8.9601
IKARUS anti.virus        not-a-virus:RiskTool.Win64                t3scan.2.2.29
Kaspersky                not-a-virus:RiskTool.Win64.BitCoinMiner   14.0.0.3172
McAfee                   Artemis!5D718CFEF448                      5600.6991
NANO AntiVirus           Riskware.Win64.BtcMine.dcqkrf             0.28.2.61148
nProtect                 Trojan/W32.KRBitcoinminer.409600          14.08.01.01
Quick Heal               RiskTool.Win64.r7 (Not a Virus)           9.14.14.00
Reason Heuristics        PUP.MsChildrenCode.M                      14.4.7.1
Sophos                   Bitcoin Miner                             4.98
Trend Micro House Call   HKTL_COINMIN.SM1                          7.2.273
Trend Micro              HKTL_COINMIN.SM1                          10.465.30
VIPRE Antivirus          Trojan.Win32.Generic                      31848

File size:
407.1 KB (416,912 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\doubleoptmedia\processusage.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/10/2014 1:00:00 AM

Valid to:
2/11/2015 12:59:59 AM

Subject:
CN=M/s Children Code, O=M/s Children Code, STREET="Plot No. F-125,", STREET="Sector 74,", STREET="Industrial Area, Phase 8B", L=Mohali, S=Punjab, PostalCode=160071, C=IN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
355CDFD525F643928F3A5700D87F0799

File PE Metadata
Compilation timestamp:
1/16/2014 4:15:18 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
6144:8Cj+624NBjG8EMCwdx0LjyZAToni7sxc9R3B/reJsVUviBsI/xIkd2Z:8Cj+624NBjG8EpwdnnZK9R3B2KBsx

Entry address:
0x188B0

Entry point:
48, 83, EC, 28, E8, 03, 94, 00, 00, 48, 83, C4, 28, E9, 42, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 83, EC, 10, 4C, 89, 14, 24, 4C, 89, 5C, 24, 08, 4D, 33, DB, 4C, 8D, 54, 24, 18, 4C, 2B, D0, 4D, 0F, 42, D3, 65, 4C, 8B, 1C, 25, 10, 00, 00, 00, 4D, 3B, D3, 73, 16, 66, 41, 81, E2, 00, F0, 4D, 8D, 9B, 00, F0, FF, FF, 41, C6, 03, 00, 4D, 3B, D3, 75, F0, 4C, 8B, 14, 24, 4C, 8B, 5C, 24, 08, 48, 83, C4, 10, C3, CC, CC...

Code size:
199 KB (203,776 bytes)

Remove processusage.exe - Powered by Reason Core Security