btc.exe

ExtLIBs

Ufasoft

The executable btc.exe has been detected as malware by 11 anti-virus scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power.
Publisher:
Ufasoft

Product:
ExtLIBs

Description:
bitcoin-miner

Version:
5.0.1885.0

MD5:
49bae31428838221461ea98e91471051

SHA-1:
e67256668e02e4045dba26fc59993e6917429910

SHA-256:
d0ae3db7b0d91c1f4264586d59e4bc90322dd75720049732a6fc79901f6fd201

Scanner detections:
11 / 68

Status:
Malware

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
4/19/2024 3:25:02 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Trojan/Win32.BitMiner | 2011.09.09 |
| Avira AntiVirus | TR/Gendal.kdv.300112 | 7.11.14.152 |
| AVG | BitCoinMiner.A | 2017.0.2832 |
| Emsisoft Anti-Malware | possible-Threat.Win32.BitCoinMiner!IK | 8.16.02.15.07 |
| ESET NOD32 | Win32/BitCoinMiner (variant) | 10.6448 |
| IKARUS anti.virus | possible-Threat.Win32.BitCoinMiner | t3scan.1.1.107.0 |
| Kaspersky | not-a-virus:RiskTool.Win32.BitCoinMiner | 14.0.0.656 |
| Microsoft Security Essentials | Program:Win32/CoinMiner | 1.163.1557.0 |
| Panda Antivirus | Suspicious file | 16.02.15.07 |
| Sophos | Bitcoin Miner | 4.69 |
| VIPRE Antivirus | RiskTool.Win32.BitCoinMiner | 10416 |

File size:
717 KB (734,208 bytes)

Product version:
0.9

Copyright:
Copyright (c) 2011 Ufasoft

Original file name:
bitcoin-miner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\windefender\btc.exe

File PE Metadata
Compilation timestamp:
4/30/2011 11:32:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
6144:h5KeKCKaKSnQgmT5WJJKpJN4JjKpDZ+9OqqqCqCqqqgqJsP3Dl7qyMqyMa+TcFf2:vQgmTUPmDl+gk+/btFv59BkaASOhq

Entry address:
0x34766

Entry point:
55, 8B, EC, 6A, FF, 68, A8, 2A, 45, 00, 68, F8, 42, 43, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 20, 53, 56, 57, 89, 65, E8, 83, 65, FC, 00, 6A, 01, FF, 15, 98, D2, 44, 00, 59, 83, 0D, 28, 1D, 47, 00, FF, 83, 0D, 2C, 1D, 47, 00, FF, FF, 15, 9C, D2, 44, 00, 8B, 0D, C0, 16, 47, 00, 89, 08, FF, 15, A0, D2, 44, 00, 8B, 0D, BC, 16, 47, 00, 89, 08, A1, A4, D2, 44, 00, 8B, 00, A3, 24, 1D, 47, 00, E8, 3F, 03, 00, 00, 83, 3D, B0, 03, 47, 00, 00, 75, 0C, 68, 10, 4B, 43, 00, FF, 15, A8, D2...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
302.5 KB (309,760 bytes)
