guiminer-20121203.exe

The program is a setup application that uses the 7z Setup installer. The file has been seen being downloaded from goo.gl and multiple other hosts.
MD5:
c15e7460afb96440d267326045effc47

SHA-1:
d869ea86cbfb0ec1db2a8bde6fa697a612bdb20f

SHA-256:
6e96a70f816f9dd25858b5fe9b83ead86bbdef53a58b15e1b6da2ae6ff4611f5

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/19/2024 4:11:39 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Bkav FE | W32.Clod141.Trojan | 1.3.0.4613 |
| Dr.Web | Tool.BtcMine.101 | 9.0.1.0350 |
| Kaspersky | not-a-virus:RiskTool.Win32.BitCoinMiner | 14.0.0.4612 |
| VIPRE Antivirus | RiskTool.Win32.BitCoinMiner (not malicious) | 28564 |
| ViRobot | JS.A.Iframe.7731626 | 2011.4.7.4223 |

File size:
7.4 MB (7,731,626 bytes)

File type:
Executable application (Win32 EXE)

Installer:
7z Setup

Language:
English (United States)

File PE Metadata
Compilation timestamp:
11/18/2010 5:27:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:6GkWBWhSDZakbxymg5XRJXI8gfpyr2tuvs9Fj8P:6GlBWhWZJW5L22iuMF4P

Entry address:
0x1D262

Entry point:
55, 8B, EC, 6A, FF, 68, 20, 1E, 42, 00, 68, 5C, D2, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 04, 11, 42, 00, 59, 83, 0D, 90, BD, 42, 00, FF, 83, 0D, 94, BD, 42, 00, FF, FF, 15, 00, 11, 42, 00, 8B, 0D, 70, 9D, 42, 00, 89, 08, FF, 15, FC, 10, 42, 00, 8B, 0D, 6C, 9D, 42, 00, 89, 08, A1, 64, 11, 42, 00, 8B, 00, A3, 8C, BD, 42, 00, E8, 1C, 01, 00, 00, 39, 1D, 20, 7A, 42, 00, 75, 0C, 68, EA, D3, 41, 00, FF, 15, 0C, 11...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
124.5 KB (127,488 bytes)

The file guiminer-20121203.exe has been discovered within the following program.

Bitcoin  by Bitcoin project
Publisher's description - “Bitcoin uses peer-to-peer technology to operate with no central authority; managing transactions and the issuing of bitcoins is carried out collectively by the network.”
www.bitcoin.org
About 9% of users remove it
 

The file guiminer-20121203.exe has been seen being distributed by the following 17 URLs.

http://goo.gl/0yrdzp

http://www.funcyclecapital.com/dimBkJd5HpxIYRVw_jROjqJLnJAtvjGnNWwvyEoX5d1CI F yNkHBCjmzAYcCwRXPvB YtaK6Ws3MxQ0D37GkCPdkd7ZZ6lURszJ7kLs9C8eQMB2oScNXlzzl uXnekWvrJM3ZmFbSJubma1WZqxAAwKVe0Reh0SWqwLLrxA2NKf0iMhG2azWb_CNWMOM9N85_lNJ9yymAG4xzKpKiFmJMfbwV4t3g==-G0EAAOR5nl8lz n5spY2xpCBDThwKth0GwCHjbFzBUH6scY8f2swvy3ER_I9WPzhmrXLQAuPLjvo5cSUQb8C

http://113.171.224.207/.../guiminer-20121203.exe
