asfsewiorjgwasrga.exe

The executable asfsewiorjgwasrga.exe has been detected as malware by 16 anti-virus scanners. It is a setup program used to install an application, in this case a malicious Bitcoin miner. Bitcoin-mining malware forces infected computers to generate Bitcoins for cybercriminals and consumes the computers' processing power. The file has been seen being downloaded from www.weebly.com and multiple other hosts.
MD5:
be593691476b31e5bb478e3ee05cf87f

SHA-1:
a9f06824f8bfdb98be0d95992b0826042271170a

SHA-256:
63b5bf590a02256bc90ee277559164de6156ee567014df2cf62df91813b31bc8

Scanner detections:
16 / 68

Status:
Malware

Explanation:
The program mines for Bitcoins in the background using the computer's GPU, and may be installed and run without the user's knowledge.

Analysis date:
4/25/2024 3:05:25 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Trojan.Heur.RP.wHW@aeEzBfei | 820 |
| Avira AntiVirus | DR/Autoit.A.2819 | 7.11.179.162 |
| avast! | Win32:Rootkit-gen [Rtk] | 2014.9-141106 |
| Baidu Antivirus | Hacktool.Win32.BitCoinMiner | 4.0.3.14116 |
| Bitdefender | Gen:Trojan.Heur.RP.wHW@aeEzBfei | 1.0.20.1550 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur.RP.wHW@aeEzBfei | 8.14.11.06.04 |
| ESET NOD32 | Win32/BitCoinMiner.BX (variant) | 8.10588 |
| Fortinet FortiGate | Riskware/BitCoinMiner | 11/6/2014 |
| F-Secure | Gen:Trojan.Heur.RP.wHW@aeEzBfei | 11.2014-06-11_5 |
| G Data | Gen:Trojan.Heur.RP.wHW@aeEzBfei | 14.11.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.7.8.0 |
| K7 AntiVirus | Riskware | 13.184.13727 |
| McAfee | Artemis!BE593691476B | 5600.6954 |
| MicroWorld eScan | Gen:Trojan.Heur.RP.wHW@aeEzBfei | 15.0.0.930 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Sophos | Generic PUA KJ | 4.98 |

File size:
2.2 MB (2,279,936 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\roaming\asfsewiorjgwasrga.exe

File PE Metadata
Compilation timestamp:
10/14/2014 1:49:28 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:7Vg5tQ7axdiO2qT9zUBBl9N5HPpJ88T5UXehcb5:Rg56GyqFU59PPpJ8g5D

Entry address:
0x25F74

Entry point:
E8, 6A, CE, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 58, 01, 4C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 70, A3, 4B, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 58, 01, 4C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00...
Entropy:
7.6756

Code size:
557.5 KB (570,880 bytes)

The file asfsewiorjgwasrga.exe has been seen being distributed by the following 2 URLs.

http://www.weebly.com/uploads/4/1/1/9/.../32.exe
