cgminer.exe

The application cgminer.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware forces computers to generate Bitcoins for cybercriminals' use, consuming the victim's computing power. While running, it connects to the Internet address static.45.38.9.5.clients.your-server.de on port 3333.
MD5:
b9d541a2ae54e7d9ff9e7e8a7d37b8d5

SHA-1:
b41109f1666693f54dd9f87608c3ef2ff0f96fae

SHA-256:
7e42fffb04952d04d79d8e2b163e114fdbe7ce84845ab253ab62844b29b30478

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
The program mines for Bitcoins in the background using the computer's GPU and may be installed and run without the user's knowledge.

Analysis date:
7/14/2025 5:02:32 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Trojan/Win32.BitCoinMiner | 2014.01.14 |
| Baidu Antivirus | Trojan.Win32.BitCoinMiner | 4.0.3.14114 |
| Bkav FE | W32.Clod816.Trojan | 1.3.0.4613 |
| Dr.Web | Tool.BtcMine.217 | 9.0.1.014 |
| ESET NOD32 | Win32/BitCoinMiner.AF (variant) | 8.9286 |
| Fortinet FortiGate | Riskware/BitCoinMiner | 1/14/2014 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.2.29 |
| Malwarebytes | PUP.Optional.Cgminer | v2014.01.14.12 |
| Panda Antivirus | Suspicious file | 14.01.14.12 |
| Trend Micro House Call | TROJ_GEN.R0CBH05AD14 | 7.2.14 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25416 |

File size:
913 KB (934,926 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\bfgminer-3.8.1-win64\50miner\miners\cgminer\cgminer.exe

File PE Metadata
Compilation timestamp:
1/9/2014 6:40:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.23

CTPH (ssdeep):
24576:1Mi+o+gdh5Upcy2yHVpE2RPHDt8RITOlFcLcfkDA4VFV:Lh+gdh5Upcy2yHVyKDt8iTi8cMDrz

Entry address:
0x1280

Entry point:
83, EC, 1C, C7, 04, 24, 01, 00, 00, 00, FF, 15, E8, C5, 4E, 00, E8, 6B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, 83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, E8, C5, 4E, 00, E8, 4B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 44, C6, 4E, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 18, C6, 4E, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 10, 4B, 00, E8, 2A, 7E, 0A, 00, BA, 00, 00, 00, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44...
Code size:
688.5 KB (705,024 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to static.45.38.9.5.clients.your-server.de  (5.9.38.45:3333)

TCP:
Connects to static.176.102.76.144.clients.your-server.de  (144.76.102.176:3333)
