64.exe

The executable 64.exe has been detected as malware by 27 anti-virus scanners. This is a setup program which is used to install the application. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. The file has been seen being downloaded from www.weebly.com and multiple other hosts.
MD5:
930572fb875f28a89956d7ef91110afc

SHA-1:
7128c48a1bdd9064574e9cad27b3ace7ae01fa1c

SHA-256:
d5d504a2a7ca79e346a1cb85f711fb0fe7f55ee85034bf9d81cd79408f81dc36

Scanner detections:
27 / 68

Status:
Malware

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
4/26/2024 2:06:29 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.2237158 | 664 |
| avast! | Win64:Rootkit-gen [Rtk] | 2014.9-150411 |
| AVG | Atros | 2016.0.3142 |
| Baidu Antivirus | Trojan.Win64.BitCoinMiner | 4.0.3.15411 |
| Bitdefender | Trojan.GenericKD.2237158 | 1.0.20.505 |
| Dr.Web | Tool.BtcMine.476 | 9.0.1.0101 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2237158 | 8.15.04.11.03 |
| ESET NOD32 | Win64/CoinMiner | 9.11385 |
| Fortinet FortiGate | W64/BitMin.FT!tr | 4/11/2015 |
| F-Secure | Trojan.GenericKD.2237158 | 11.2015-11-04_7 |
| G Data | Trojan.GenericKD.2237158 | 15.4.25 |
| herdProtect (fuzzy) | | 2015.7.14.2 |
| IKARUS anti.virus | Trojan.Win64.BitMin | t3scan.1.8.9.0 |
| K7 AntiVirus | Trojan | 13.202.15399 |
| Kaspersky | Trojan.Win64.BitMin | 14.0.0.2207 |
| McAfee | Artemis!930572FB875F | 5600.6798 |
| Microsoft Security Essentials | Trojan:Win64/SvcMiner.A | 1.1.11502.0 |
| MicroWorld eScan | Trojan.GenericKD.2237158 | 16.0.0.303 |
| NANO AntiVirus | Trojan.Win64.BtcMine.dnrmob | 0.30.8.659 |
| Norman | Troj_Generic.ZMCMM | 11.20150411 |
| nProtect | Trojan.GenericKD.2237158 | 15.03.27.01 |
| Panda Antivirus | Trj/CI.A | 15.04.11.03 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Win64.g9 | 4.15.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0318 | 7.2.101 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38816 |

File size:
2.4 MB (2,465,792 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\2tq49ulz\64.exe

File PE Metadata
Compilation timestamp:
3/19/2015 12:45:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:oVg5tQ7a6IG1DFf3opuH6LIQntMre/DB2Mu5:Kg56zhf3oHLI2tMi/DB2

Entry address:
0x25F74

Entry point:
E8, 6A, CE, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 58, 01, 4C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 70, A3, 4B, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 58, 01, 4C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00...
 

Entropy:
7.7120  (probably packed)

Code size:
557.5 KB (570,880 bytes)

The file 64.exe has been seen being distributed by the following 2 URLs.

http://178.33.63.68/putstorage/DownloadFileHash/.../64.exe
