home

sgm.exe

-

LLC TRK

The application sgm.exe by LLC TRK has been detected as a potentially unwanted program by 9 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power.
Publisher:
Open Source  (signed by LLC TRK )

Product:
-

Version:
5.1.2.0

MD5:
ad071b32ab32e34e053d63ce22ef4cc4

SHA-1:
6c03fb764e9cab1416cf5db15f21f38632b985f9

SHA-256:
c129df82168645938f35f6fec0314f1a00242fd0456d0e2c036c3d83a497ae23

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
11/24/2024 2:50:54 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.BitCoinMiner
2015.09.01

Avira AntiVirus
TR/BitCoinMiner.2752808
8.3.2.2

avast!
Multi:BitCoinMiner-B [PUP]
2014.9-150901

Baidu Antivirus
Hacktool.Win32.BitCoinMiner
4.0.3.1591

Dr.Web
Trojan.BtcMine.753
9.0.1.0244

ESET NOD32
Win32/BitCoinMiner.BY potentially unsafe (variant)
9.12180

K7 AntiVirus
Unwanted-Program
13.2017067

Panda Antivirus
Trj/Genetic.gen
15.09.01.09

VIPRE Antivirus
Trojan.Win32.Generic
43358

File size:
2.6 MB (2,752,800 bytes)

Product version:
5.1.2

Copyright:
Copyright (C) 2015

Original file name:
-

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\cpuminer\sgminer\sgm.exe

Digital Signature
Signed by:
LLC TRK

Authority:
COMODO CA Limited

Valid from:
5/27/2015 3:00:00 AM

Valid to:
5/27/2016 2:59:59 AM

Subject:
CN="LLC TRK ""Alternatyva """, O="LLC TRK ""Alternatyva """, STREET="Miru str., 15", L=Borova, S=Kharkivska, PostalCode=63801, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FC59307F6203B2A63C0BAC134F369BD7

File PE Metadata
Compilation timestamp:
8/19/2015 2:11:13 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
49152:Kz+FW61kfT7NRuucrnUs7wnnrG6hTmqRPVtzT94X:PFWZ3UBiTm

Entry address:
0x1C0F88

Entry point:
E8, 81, 06, 00, 00, E9, 4B, FE, FF, FF, 3B, 0D, 30, 50, 63, 00, 75, 02, F3, C3, E9, 5C, 00, 00, 00, CC, FF, 25, 9C, 32, 5C, 00, FF, 25, A0, 32, 5C, 00, FF, 25, A4, 32, 5C, 00, FF, 25, A8, 32, 5C, 00, FF, 25, AC, 32, 5C, 00, 55, 8B, EC, FF, 15, 94, 30, 5C, 00, 6A, 01, A3, 24, 4F, 68, 00, E8, F7, 08, 00, 00, FF, 75, 08, E8, F5, 08, 00, 00, 83, 3D, 24, 4F, 68, 00, 00, 59, 59, 75, 08, 6A, 01, E8, DD, 08, 00, 00, 59, 68, 09, 04, 00, C0, E8, DE, 08, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17...
 
[+]

Entropy:
6.9400

Code size:
1.8 MB (1,839,616 bytes)

Remove sgm.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.