sgm.exe

The application sgm.exe by LLC has been detected as adware by 11 anti-malware scanners. It is a malicious Bitcoin miner: Bitcoin-mining malware forces infected computers to generate Bitcoins for cybercriminals' use, consuming the machine's computing power.
Publisher:
Open Source (signed by LLC)

Product:
-

Version:
5.1.2.0

MD5:
c5a205fce91e1f1810dd1886e4543a59

SHA-1:
23ae54072635605022068ca5bf14e23d7aab2e2c

SHA-256:
79370db82b6e264f3805220cb9a8fc2d319653a833ffb5f16bf442b1c232ca33

Scanner detections:
11 / 68

Status:
Adware

Explanation:
The program mines for Bitcoins in the background using the computer's GPU and may be installed and run without the user's knowledge.

Analysis date:
11/24/2024 11:27:25 AM UTC

Scan engine          Detection                                            Engine version
Avira AntiVirus      TR/BitCoinMiner.2753832                              8.3.2.2
avast!               Multi:BitCoinMiner-B [PUP]                           2014.9-151002
Dr.Web               Trojan.BtcMine.725                                   9.0.1.0275
ESET NOD32           Win32/BitCoinMiner.BY potentially unsafe (variant)   9.12342
IKARUS anti.virus    PUA.BitCoinMiner                                     t3scan.1.9.5.0
K7 AntiVirus         Unwanted-Program                                     13.210.17398
Kaspersky            not-a-virus:HEUR:RiskTool.Win32.BitCoinMiner         14.0.0.1338
Panda Antivirus      Trj/Genetic.gen                                      15.10.02.07
Reason Heuristics    PUP.Amonitize.OpenSource (M)                         15.10.2.7
Sophos               Bitcoin Miner (PUA)                                  4.98
VIPRE Antivirus      Trojan.Win32.Generic                                 44214

File size:
2.6 MB (2,753,856 bytes)

Product version:
5.1.2

Copyright:
Copyright (C) 2015

Original file name:
-

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\cpuminer\sgminer\sgm.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/29/2015 12:00:00 PM

Valid to:
6/29/2016 11:59:59 AM

Subject:
CN="LLC ""SOFT-INDASTRI GROUP""", O="LLC ""SOFT-INDASTRI GROUP""", STREET="street Pidvysotsky, house 10/10, office 60", L=Kiev, S=Kiev, PostalCode=01103, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CBF0B4B2E7F3FE05A1CCD9AFD74EB1AB

File PE Metadata
Compilation timestamp:
9/9/2015 10:53:53 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
49152:9cGJhY90OR1PJZrD2ODWIJYtCrG2OTAbRPAqf5OZldT/Mr7ZQ:Q90Kf4O6pCFBgFr

Entry address:
0x1C11EB

Entry point:
E8, 7E, 06, 00, 00, E9, 4B, FE, FF, FF, 3B, 0D, 30, 50, 63, 00, 75, 02, F3, C3, E9, 5B, 00, 00, 00, FF, 25, AC, 32, 5C, 00, FF, 25, B0, 32, 5C, 00, FF, 25, B4, 32, 5C, 00, FF, 25, B8, 32, 5C, 00, FF, 25, BC, 32, 5C, 00, 55, 8B, EC, FF, 15, 90, 30, 5C, 00, 6A, 01, A3, 44, 4F, 68, 00, E8, F5, 08, 00, 00, FF, 75, 08, E8, F3, 08, 00, 00, 83, 3D, 44, 4F, 68, 00, 00, 59, 59, 75, 08, 6A, 01, E8, DB, 08, 00, 00, 59, 68, 09, 04, 00, C0, E8, DC, 08, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8...

Entropy:
6.9361

Code size:
1.8 MB (1,840,640 bytes)

Remove sgm.exe - Powered by Reason Core Security