cgminer.exe

The application cgminer.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. While running, it connects to the Internet address esx-ip2.ouranos.fr on port 3333.
MD5:
52b6b1df3e9638fa7089a7e9bce98757

SHA-1:
73b9bb27c6ab208e6d23c184834119adeea8175b

SHA-256:
a8edacb3fac182c3ff9ba997d9d0eb7d4c09bfb5feaf00657257bb3a01d0b568

Scanner detections:
27 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
4/13/2021 5:28:33 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.BitCoinMiner.BU
1139

Agnitum Outpost
RiskTool.BitCoinMiner
7.1.1

Avira AntiVirus
SPR/BitCoin.G
7.11.121.78

avast!
Win32:BitCoinMiner-DN [PUP]
2014.9-131222

Baidu Antivirus
Trojan.Win32.BitCoinMiner
4.0.3.131222

Bitdefender
Application.BitCoinMiner.BU
1.0.20.1780

Bkav FE
W32.Clod591.Trojan
1.3.0.4613

Comodo Security
UnclassifiedMalware
17479

ESET NOD32
Win32/BitCoinMiner.AF (variant)
7.9190

Fortinet FortiGate
W32/BitCoinMiner.N
12/22/2013

F-Secure
Application.BitCoinMiner.BU
11.2013-22-12_1

G Data
Application.BitCoinMiner.BU
13.12.22

IKARUS anti.virus
Win32.SuspectCrc
t3scan.2.2.29

K7 AntiVirus
Trojan
13.174.10588

Kaspersky
not-a-virus:RiskTool.Win32.BitCoinMiner
14.0.0.4582

Malwarebytes
PUP.BitCoinMiner
v2013.12.22.01

McAfee
RDN/Generic PUP.x!bc3
5600.7273

MicroWorld eScan
Application.BitCoinMiner.BU
14.0.0.1068

Norman
Troj_Generic.KUNPH
11.20131222

Panda Antivirus
Application\Bitcoin
13.12.22.01

Reason Heuristics
Unnamed.Threat.32
14.3.2.14

Rising Antivirus
PE:Trojan.Win32.Generic.14AF74A5!347042981
23.00.65.131220

Sophos
Generic PUA HD
4.96

Trend Micro House Call
HKTL_BITMINE
7.2.356

Trend Micro
HKTL_BITMINE
10.465.22

VIPRE Antivirus
Bitcoin Miner (not malicious)
24610

ViRobot
JS.A.Pakes.567310
2011.4.7.4223

File size:
554 KB (567,310 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
4/28/2013 10:46:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.22

CTPH (ssdeep):
12288:ZCX5aBAI4LfQkmwkmcaW8iZqq3tx7oKAchD4ZK:ZC8vGQPwkmcN8iFdx7oKAu4ZK

Entry address:
0x126C

Entry point:
55, 89, E5, 83, EC, 18, C7, 04, 24, 01, 00, 00, 00, FF, 15, 1C, 17, 49, 00, E8, 7C, FD, FF, FF, 55, 89, E5, 83, EC, 18, C7, 04, 24, 02, 00, 00, 00, FF, 15, 1C, 17, 49, 00, E8, 64, FD, FF, FF, 55, 89, E5, 83, EC, 08, A1, 64, 17, 49, 00, C9, FF, E0, 66, 90, 55, 89, E5, 83, EC, 08, A1, 44, 17, 49, 00, C9, FF, E0, 90, 90, 00, 00, 00, 00, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, A0, 46, 00, E8, 2A, 42, 06, 00, BA, 00, 00, 00, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44, 24, 04, 13, A0, 46, 00, 89, 04, 24, E8, 16, 42...
 
[+]

Entropy:
6.3523

Code size:
411.5 KB (421,376 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to stratum01.hashco.ws  (37.187.9.53:8888)

TCP:
Connects to fst.zabmail.ru  (148.251.8.140:3335)

TCP:
Connects to esx-ip2.ouranos.fr  (88.191.232.230:3333)

Remove cgminer.exe - Powered by Reason Core Security