hw64.exe

The executable hw64.exe has been detected as malware by 26 anti-virus scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware forces infected computers to generate Bitcoins for cybercriminals' use, consuming the computers' processing power.
MD5:
404605631c70df6c7435e9133673ff98

SHA-1:
797bfb4a3a5558551769161652638a8106f94e7e

SHA-256:
485abad8db42ab0e47bc19296589fd1f8a49daf049d1f8270fc89034fef27b81

Scanner detections:
26 / 68

Status:
Malware

Explanation:
The program mines Bitcoins in the background using the computer's GPU and may be installed and run without the user's knowledge.

Analysis date:
1/7/2026 5:52:47 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.ScriptKD.625 | 843 |
| Agnitum Outpost | Trojan.BitMin | 7.1.1 |
| Avira AntiVirus | TR/ScriptKD.625 | 7.11.177.204 |
| avast! | Win32:Malware-gen | 2014.9-141015 |
| Baidu Antivirus | Trojan.Win64.BitCoinMiner | 4.0.3.141015 |
| Bitdefender | Trojan.ScriptKD.625 | 1.0.20.1440 |
| Emsisoft Anti-Malware | Trojan.ScriptKD.625 | 8.14.10.15.06 |
| ESET NOD32 | Win64/BitCoinMiner.AH (variant) | 8.10551 |
| Fortinet FortiGate | W64/BitMin.AH!tr | 10/15/2014 |
| F-Secure | Trojan.ScriptKD.625 | 11.2014-15-10_4 |
| G Data | Trojan.ScriptKD.625 | 14.10.24 |
| IKARUS anti.virus | Trojan.Win64.BitMin | t3scan.1.7.8.0 |
| K7 AntiVirus | Trojan | 13.183.13642 |
| Kaspersky | Trojan.Win64.BitMin | 14.0.0.3099 |
| McAfee | Artemis!404605631C70 | 5600.6977 |
| MicroWorld eScan | Trojan.ScriptKD.625 | 15.0.0.864 |
| NANO AntiVirus | Trojan.Win64.BitCoinMiner.devhlj | 0.28.2.62483 |
| Norman | BitMin.A | 11.20141015 |
| nProtect | Trojan.ScriptKD.625 | 14.10.12.01 |
| Qihoo 360 Security | Win32/Trojan.Script.350 | 1.0.0.1015 |
| Quick Heal | Trojan.Win64.g9 | 10.14.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.175F056E!392103278 | 23.00.65.141013 |
| Trend Micro House Call | TROJ_GE.49AAE522 | 7.2.288 |
| Trend Micro | TROJ_GE.49AAE522 | 10.465.15 |
| Vba32 AntiVirus | Trojan.Win64.BitMin | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 33862 |

File size:
1.2 MB (1,309,708 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\hw64.exe

File PE Metadata
Compilation timestamp:
6/9/2012 9:19:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:w2O/GlJ9fES2LjEYRbUCXQYe14avffH/UBFbwknF4ZuW7AwsMQeLF3+u:bEZL/RDQYsJPH/UPS7hrJt

Entry address:
0xAC87

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, 9F, 30, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, 8F, AB, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 24, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 24, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 0E, B1, FF, FF, C3, 56, 8B, F1, 8B, 06, 85, C0, 74, 07, 50, FF, 15, C4, 40, 41, 00, 83, 26, 00, 83, 66, 08, 00, 83, 66, 0C, 00, 5E, C3, 56, 8B, F1, 80, 7E, 04, 00, 75, 34, 68, F4, 44, 41, 00...
 

Entropy:
7.9704 (probably packed)

Code size:
73 KB (74,752 bytes)
