home

sgm.exe

-

Ukrainski TELE Radio Systemy, TOV

The application sgm.exe by Ukrainski TELE Radio Systemy, TOV has been detected as a potentially unwanted program by 7 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power.
Publisher:
Open Source  (signed by Ukrainski TELE Radio Systemy, TOV)

Product:
-

Version:
5.1.2.0

MD5:
9d315e3c33dbc660d854225e936a82b2

SHA-1:
30fd5a7f3c37e174df537eaffd45fac06d24036d

SHA-256:
714408f6ae90d4b1c0c4cd633f5aa203f4f40fed3db0ea1db566b12b7d0d1511

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
11/28/2024 8:14:50 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Multi:BitCoinMiner-B [PUP]
2014.9-150906

Baidu Antivirus
Hacktool.Win32.BitCoinMiner
4.0.3.1596

Dr.Web
Trojan.BtcMine.711
9.0.1.0249

ESET NOD32
Win32/BitCoinMiner.BY potentially unsafe (variant)
9.12208

Panda Antivirus
Trj/Genetic.gen
15.09.06.04

Reason Heuristics
PUP.BitcoinMiner.UkrainskiTELERadioSystemyTOV (M)
15.9.6.16

Sophos
Bitcoin Miner (PUA)
4.98

File size:
2.6 MB (2,753,344 bytes)

Product version:
5.1.2

Copyright:
Copyright (C) 2015

Original file name:
-

File type:
Executable application (Win32 EXE)

Language:
Varsayilan Islem Dili

Common path:
C:\users\{user}\appdata\roaming\cpuminer\sgminer\sgm.exe

Digital Signature
Signed by:
Ukrainski TELE Radio Systemy, TOV

Authority:
COMODO CA Limited

Valid from:
5/7/2015 3:00:00 AM

Valid to:
5/7/2016 2:59:59 AM

Subject:
CN="Ukrainski TELE Radio Systemy, TOV", O="Ukrainski TELE Radio Systemy, TOV", STREET="str. Mykoly Vasylenka, 7-A", L=Kiev, S=Kiev, PostalCode=03124, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009882AAE495F456A8E1CC9AB3E5DC2B4F

File PE Metadata
Compilation timestamp:
9/4/2015 11:50:07 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
49152:sxNjlpEO3AmQazvNWDKBrG2eT+BRP1AdMrrZT:slp830vYMsq

Entry address:
0x1C108A

Entry point:
E8, 7F, 06, 00, 00, E9, 4B, FE, FF, FF, 3B, 0D, 30, 50, 63, 00, 75, 02, F3, C3, E9, 5C, 00, 00, 00, CC, FF, 25, AC, 32, 5C, 00, FF, 25, B0, 32, 5C, 00, FF, 25, B4, 32, 5C, 00, FF, 25, B8, 32, 5C, 00, FF, 25, BC, 32, 5C, 00, 55, 8B, EC, FF, 15, 90, 30, 5C, 00, 6A, 01, A3, 44, 4F, 68, 00, E8, F5, 08, 00, 00, FF, 75, 08, E8, F3, 08, 00, 00, 83, 3D, 44, 4F, 68, 00, 00, 59, 59, 75, 08, 6A, 01, E8, DB, 08, 00, 00, 59, 68, 09, 04, 00, C0, E8, DC, 08, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17...
 
[+]

Code size:
1.8 MB (1,840,128 bytes)

Remove sgm.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.