The Group

Publisher Information

The Group is a software developer located in Khmelnytskyy, Khmelnytska Obl in Ukraine*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs.

Authority: COMODO CA Limited
Valid from: 5/30/2015 9:00:00 PM
Valid to: 5/30/2016 8:59:59 PM
Subject: CN=The Group, O=The Group, STREET="vul. Gagarina, 5", L=Khmelnytskyy, S=Khmelnytska obl, PostalCode=29000, C=UA
Issuer: CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Serial number: 47800ce335cf5196ac9afb9061aa72e4

Scanner detections:
Detections (100% detected)

Scan engine | Details | Detections
Reason Heuristics | PUP.TheGroup.Installer (M), PUP.BitcoinMiner.TheGroup.Meta (M), Threat.Win.Reputation.IMP, PUP.CPUMiner.TheGroup (M), PUP.CPUMiner.TheGroup.Installer (M) | 89.66%
ESET NOD32 | Win32/BitCoinMiner.BY potentially unsafe (variant) | 20.69%
Dr.Web | Tool.BtcMine.582, Trojan.BtcMine.711 | 20.69%
VIPRE Antivirus | Trojan.Win32.Generic | 17.24%
Avira AntiVirus | TR/BitCoinMiner.2747712, TR/BitCoinMiner.2519320.3 | 17.24%
IKARUS anti.virus | Trojan.BitCoinMiner | 17.24%
avast! | Win32:Miner-B [PUP], Multi:BitCoinMiner-B [PUP] | 13.79%
K7 AntiVirus | Unwanted-Program | 13.79%
Baidu Antivirus | Hacktool.Win32.BitCoinMiner | 13.79%
AVG | Generic_s | 13.79%


Download URLs for files signed by The Group.


The following websites host and distribute files published by The Group.

The following publishers (by Authenticode signature organization name) are related.

* Note: the details and description above are based on the code signing digital signature issued to The Group by COMODO CA Limited on May 30, 2015 with the serial number '47800ce335cf5196ac9afb9061aa72e4'.