» cgminer.exe
Overview
Analysis
File Details
Network (3)

cgminer.exe

The application cgminer.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. While running, it connects to the Internet address esx-ip2.ouranos.fr on port 3333.

File name:

cgminer.exe

MD5:

52b6b1df3e9638fa7089a7e9bce98757

SHA-1:

73b9bb27c6ab208e6d23c184834119adeea8175b

SHA-256:

a8edacb3fac182c3ff9ba997d9d0eb7d4c09bfb5feaf00657257bb3a01d0b568

Scanner detections:

27 / 68

Status:

Potentially unwanted

Explanation:

The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:

4/24/2024 5:34:42 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.BitCoinMiner.BU

1139

Agnitum Outpost

RiskTool.BitCoinMiner

7.1.1

Avira AntiVirus

SPR/BitCoin.G

7.11.121.78

avast!

Win32:BitCoinMiner-DN [PUP]

2014.9-131222

Baidu Antivirus

Trojan.Win32.BitCoinMiner

4.0.3.131222

Bitdefender

Application.BitCoinMiner.BU

1.0.20.1780

Bkav FE

W32.Clod591.Trojan

1.3.0.4613

Comodo Security

UnclassifiedMalware

17479

ESET NOD32

Win32/BitCoinMiner.AF (variant)

7.9190

Fortinet FortiGate

W32/BitCoinMiner.N

12/22/2013

F-Secure

Application.BitCoinMiner.BU

11.2013-22-12_1

G Data

Application.BitCoinMiner.BU

13.12.22

IKARUS anti.virus

Win32.SuspectCrc

t3scan.2.2.29

K7 AntiVirus

Trojan

13.174.10588

Kaspersky

not-a-virus:RiskTool.Win32.BitCoinMiner

14.0.0.4582

Malwarebytes

PUP.BitCoinMiner

v2013.12.22.01

McAfee

RDN/Generic PUP.x!bc3

5600.7273

MicroWorld eScan

Application.BitCoinMiner.BU

14.0.0.1068

Norman

Troj_Generic.KUNPH

11.20131222

Panda Antivirus

Application\Bitcoin

13.12.22.01

Reason Heuristics

Unnamed.Threat.32

14.3.2.14

Rising Antivirus

PE:Trojan.Win32.Generic.14AF74A5!347042981

23.00.65.131220

Sophos

Generic PUA HD

4.96

Trend Micro House Call

HKTL_BITMINE

7.2.356

Trend Micro

HKTL_BITMINE

10.465.22

VIPRE Antivirus

Bitcoin Miner (not malicious)

24610

ViRobot

JS.A.Pakes.567310

2011.4.7.4223

File size:

554 KB (567,310 bytes)

File type:

Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp:

4/28/2013 10:46:49 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

2.22

CTPH (ssdeep):

12288:ZCX5aBAI4LfQkmwkmcaW8iZqq3tx7oKAchD4ZK:ZC8vGQPwkmcN8iFdx7oKAu4ZK

Entry address:

0x126C

Entry point:

55, 89, E5, 83, EC, 18, C7, 04, 24, 01, 00, 00, 00, FF, 15, 1C, 17, 49, 00, E8, 7C, FD, FF, FF, 55, 89, E5, 83, EC, 18, C7, 04, 24, 02, 00, 00, 00, FF, 15, 1C, 17, 49, 00, E8, 64, FD, FF, FF, 55, 89, E5, 83, EC, 08, A1, 64, 17, 49, 00, C9, FF, E0, 66, 90, 55, 89, E5, 83, EC, 08, A1, 44, 17, 49, 00, C9, FF, E0, 90, 90, 00, 00, 00, 00, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, A0, 46, 00, E8, 2A, 42, 06, 00, BA, 00, 00, 00, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44, 24, 04, 13, A0, 46, 00, 89, 04, 24, E8, 16, 42... 
[+]

Entropy:

6.3523

Code size:

411.5 KB (421,376 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:

Connects to stratum01.hashco.ws (37.187.9.53:8888)

TCP:

Connects to fst.zabmail.ru (148.251.8.140:3335)

TCP:

Connects to esx-ip2.ouranos.fr (88.191.232.230:3333)

Remove cgminer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.