feathercoin-0.8.7.1-setup.exe

Feathercoin

Feathercoin project

The application feathercoin-0.8.7.1-setup.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use, and it consumes computing power. The file has been seen being downloaded from www.feathercoin.com and multiple other hosts.
Publisher:
Feathercoin project

Product:
Feathercoin

Version:
0.8.7.1

MD5:
d8915be63b10f140283082dfce753848

SHA-1:
91edf55244b0863059d9fee25ff365c7a771952d

SHA-256:
34ff33d1292918576a557fc8995798c3f7d2833be59cc3d9bc9b6a6fbde28295

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
4/28/2024 9:24:16 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | TR/BitCoinMiner.21021696 | 7.11.209.134 |
| avast! | Win32:Malware-gen | 2014.9-150213 |
| ESET NOD32 | Win32/BitCoinMiner.BJ potentially unsafe (variant) | 9.11159 |
| Fortinet FortiGate | Riskware/BitCoinMiner | 2/13/2015 |
| G Data | Win32.Trojan.Agent.K2VJDY | 15.2.25 |
| IKARUS anti.virus | Trojan.BitCoinMiner | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.194.14938 |
| McAfee | Artemis!D8915BE63B10 | 5600.6855 |
| Sophos | Generic PUA JB | 4.98 |
| Trend Micro House Call | TROJ_GEN.R002C0OLT14 | 7.2.44 |
| Trend Micro | TROJ_GEN.R002C0OLT14 | 10.465.13 |
| VIPRE Antivirus | Trojan.Win32.Generic | 37446 |

File size:
7.2 MB (7,520,744 bytes)

Product version:
0.8.7.1

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\feathercoin-0.8.7.1-setup.exe

File PE Metadata
Compilation timestamp:
5/11/2014 3:03:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:+/e8SPGzSil+/wIZazyO2h2qORA2seQBzVUWhjJEYQww5NJxVNUY3GjPPz9:+/NSocwiazyzAqB2edVFJJfQzDVj3E3J

Entry address:
0x3217

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 98, 37, 42, 00, E8, AD, 2D, 00, 00, A3, E4, 36, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, A0, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, E0, 2E, 42, 00, E8, 57, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 45, 2A...
 

Entropy:
7.9993

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file feathercoin-0.8.7.1-setup.exe has been seen being distributed by the following 2 URLs.

http://www.feathercoin.com/.../feathercoin-0.8.7.1-setup.exe
