» gapminer.exe
Overview
Analysis
File Details
Network (1)

gapminer.exe

The executable gapminer.exe has been detected as malware by 6 anti-virus scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. While running, it connects to the Internet address lb-182-231.above.com on port 4200.

File name:

gapminer.exe

MD5:

22b1b44e79a5a1303d23b2a951dbb324

SHA-1:

ae357f38ea35c892bd3ce7598aecb9517916136e

SHA-256:

443f246103d85c6ab110076db8d79100648596b8a200987be681b88e6f3afb5b

Scanner detections:

6 / 68

Status:

Malware

Explanation:

The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:

4/24/2024 11:18:06 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

avast!

Win64:Rootkit-gen [Rtk]

2014.9-150119

Baidu Antivirus

Hacktool.Win64.BitCoinMiner

4.0.3.15119

ESET NOD32

Win64/BitCoinMiner.AM

9.11031

McAfee

Artemis!22B1B44E79A5

5600.6881

Norman

Suspicious_Gen4.HMQGR

11.20150119

Trend Micro House Call

Suspicious_GEN.F47V1210

7.2.19

File size:

2.9 MB (3,003,628 bytes)

File type:

Executable application (Win64 EXE)

File PE Metadata

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows Console

Linker version:

2.24

CTPH (ssdeep):

49152:gFP3/cLimc6ftXgkT2EVbN+hhCKTP721TwE6Q5ccu3mN:YYiwFhNY7u6Q5ccu3mN

Entry address:

0x14D0

Entry point:

48, 83, EC, 28, C7, 05, 62, DE, 18, 00, 00, 00, 00, 00, E8, 2D, E0, 0A, 00, E8, 98, FC, FF, FF, 90, 90, 48, 83, C4, 28, C3, 90, 48, 8D, 0D, 39, BB, 18, 00, E9, 24, 24, 11, 00, 0F, 1F, 40, 00, 31, C0, 48, C7, 41, 60, 00, 00, 00, 00, 48, C7, 41, 68, 00, 00, 00, 00, 48, C7, 41, 70, 00, 00, 00, 00, 48, C7, 41, 04, 00, 00, 00, 00, 48, C7, 41, 0C, 00, 00, 00, 00, 48, C7, 41, 14, 00, 00, 00, 00, 48, C7, 41, 1C, 00, 00, 00, 00, 48, C7, 41, 24, 00, 00, 00, 00, 48, C7, 41, 2C, 00, 00, 00, 00, 48, C7, 41, 34, 00, 00... 
[+]

Entropy:

5.8920

Code size:

1.1 MB (1,171,456 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP:

Connects to lb-182-231.above.com (103.224.182.231:4200)

Remove gapminer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.