cisvc.exe

The executable cisvc.exe has been detected as malware by 10 anti-virus scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware forces infected computers to generate Bitcoins for cybercriminals' use, consuming the machine's computing power. While running, it connects to the Internet address v7.srv.eligius.st on port 3334.
MD5:
28d9ac327f4899c71f9e96c3e8188a6b

SHA-1:
07072ddbf96f500b354fddde47163d366b1f2c1d

SHA-256:
9fd616a10956f732a6269dacf49077a2af8dbd255d1601be27ace44d62eefaa3

Scanner detections:
10 / 68

Status:
Malware

Explanation:
The program mines Bitcoins in the background using the computer's GPU, and may be installed and run without the user's knowledge.

Analysis date:
7/14/2025 5:20:29 AM UTC

Scan engine             Detection                                Engine version
Agnitum Outpost         RiskTool.BitCoinMiner                    7.1.1
Baidu Antivirus         Trojan.Win32.BitCoinMiner                4.0.3.14418
Bkav FE                 W32.Clodfbe.Trojan                       1.3.0.4959
ESET NOD32              Win64/BitCoinMiner (variant)             8.9651
IKARUS anti.virus       not-a-virus:RiskTool.Win32.BitCoinMiner  t3scan.1.6.1.0
K7 AntiVirus            Trojan                                   13.176.11696
McAfee                  Artemis!28D9AC327F48                     5600.7157
Panda Antivirus         Application\Bitcoin                      14.04.18.08
Trend Micro House Call  TROJ_SPNR.08HD13                         7.2.108
Trend Micro             TROJ_SPNR.08HD13                         10.465.18

File size:
545.5 KB (558,592 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\roaming\com.flash.widgetbrowser\cisvc.exe

File PE Metadata
Compilation timestamp:
4/28/2013 7:45:30 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
2.23

CTPH (ssdeep):
12288:eSeqI6zW/WWyo7GzXhzY/xbHbg0xnB//Qy9yyyyyy3yyyyyyyyyyyyyyyyXyyyyO:eSw6zWuWyo7GzXhzY/xTLYy9yyyyyy3O

Entry address:
0x14D0

Entry point:
48, 83, EC, 28, C7, 05, E2, 89, 08, 00, 00, 00, 00, 00, E8, CD, 20, 06, 00, E8, 98, FC, FF, FF, 90, 90, 48, 83, C4, 28, C3, 90, 55, 48, 89, E5, 48, 83, EC, 20, 48, 89, 4D, 10, 48, 83, 7D, 10, 00, 74, 39, 48, 8B, 45, 10, 48, 8B, 40, 08, 48, 83, F8, FF, 74, 2B, 48, 8B, 45, 10, 48, 8B, 40, 08, 48, 8D, 50, FF, 48, 8B, 45, 10, 48, 89, 50, 08, 48, 8B, 45, 10, 48, 8B, 40, 08, 48, 85, C0, 75, 0A, 48, 8B, 4D, 10, E8, CD, D4, 05, 00, 90, 48, 83, C4, 20, 5D, C3, 55, 48, 89, E5, 5D, C3, 55, 48, 89, E5, 5D, C3, 55, 48...
 

Code size:
416.5 KB (426,496 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to v7.srv.eligius.st  (107.170.221.41:3334)

TCP:
Connects to v5.srv.eligius.st  (104.131.100.118:3334)

TCP:
Connects to static.176.102.76.144.clients.your-server.de  (144.76.102.176:8332)
