sgminer.exe

SG Miner

Realinvest SOFT, TOV

The application sgminer.exe by Realinvest SOFT, TOV has been detected as a potentially unwanted program by 7 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power.
Publisher:
Open Source (signed by Realinvest SOFT, TOV)

Product:
SG Miner

Version:
5.1.2.0

MD5:
94db6f25b767afdf093ef999cf36ffce

SHA-1:
4119dfc7793e8208915c1ea1dbe87571424f87ed

SHA-256:
b8322fedd5589f793a3a21e7074f9731b9d20a5cc22c1ce04b561503550d520c

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
The program mines Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
11/24/2024 3:47:21 PM UTC

Scan engine          Detection                                           Engine version
AhnLab V3 Security   PUP/Win32.BitCoinMiner                              2015.08.19
avast!               Multi:BitCoinMiner-B [PUP]                          2014.9-150818
Baidu Antivirus      Hacktool.Win32.BitCoinMiner                         4.0.3.15818
Dr.Web               Trojan.BtcMine.709                                  9.0.1.0230
ESET NOD32           Win32/BitCoinMiner.BY potentially unsafe (variant)  9.12112
IKARUS anti.virus    Trojan.BitCoinMiner                                 t3scan.1.9.5.0
Panda Antivirus      Trj/Genetic.gen                                     15.08.18.03

File size:
2.6 MB (2,751,776 bytes)

Product version:
5.1

Copyright:
Copyright (C) 2015

Original file name:
sgminer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\cpuminer\sgminer\sgminer.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/29/2015 7:00:00 AM

Valid to:
5/29/2016 6:59:59 AM

Subject:
CN="Realinvest SOFT, TOV", O="Realinvest SOFT, TOV", STREET=Bud. 7a vul.Lodzka, L=Kharkiv, S=Kharkiv, PostalCode=61000, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FE321D16ABD978B89260FC92F22CF774

File PE Metadata
Compilation timestamp:
8/18/2015 4:55:18 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
49152:+nca9iMzngoPym4CXlfX0lbh4RrG6ATcARPWSpeloR:sca9fXqGf6Jx

Entry address:
0x1C0C18

Entry point:
E8, 81, 06, 00, 00, E9, 4B, FE, FF, FF, 3B, 0D, 30, 40, 63, 00, 75, 02, F3, C3, E9, 5C, 00, 00, 00, CC, FF, 25, 9C, 22, 5C, 00, FF, 25, A0, 22, 5C, 00, FF, 25, A4, 22, 5C, 00, FF, 25, A8, 22, 5C, 00, FF, 25, AC, 22, 5C, 00, 55, 8B, EC, FF, 15, 94, 20, 5C, 00, 6A, 01, A3, 24, 3F, 68, 00, E8, F7, 08, 00, 00, FF, 75, 08, E8, F5, 08, 00, 00, 83, 3D, 24, 3F, 68, 00, 00, 59, 59, 75, 08, 6A, 01, E8, DD, 08, 00, 00, 59, 68, 09, 04, 00, C0, E8, DE, 08, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17...

Entropy:
6.9371

Code size:
1.8 MB (1,839,104 bytes)

Powered by Reason Core Security