idlec.exe

Meridian Tech Pte Limited

The application idlec.exe by Meridian Tech Pte Limited has been detected as a potentially unwanted program by 13 of 68 anti-malware scanners. It is a cryptocurrency miner. The detection names call it a Bitcoin miner, but the pool it was observed contacting, us4.litecoinpool.org on TCP port 3333, is a Litecoin mining pool; either way, the program uses the host's processing power to generate coins for whoever controls the pool account, at the cost of the victim's CPU/GPU time and electricity. Most engines classify it as riskware or a PUP rather than a trojan, and it carries a valid VeriSign-issued code-signing certificate, so an Authenticode check alone will not flag it.
Publisher:
Meridian Tech Pte Limited  (signed and verified)

MD5:
9db58bc17e2c1a5ebb96f680a3951d1e

SHA-1:
524330712aa40ad68b4ec6f6edc165008c8b19fa

SHA-256:
e4c1e6ab6067345e707b340e1dee596cbf857f81044444a8d7e147de027a6524

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
The program mines cryptocurrency in the background using the computer's GPU and may be installed and run without the user's knowledge.

Analysis date:
4/19/2024 6:12:25 AM UTC

Scan engine           Detection                                  Engine version
Lavasoft Ad-Aware     Application.Bitcoinminer.F                 1002
Agnitum Outpost       Riskware.Agent                             7.1.1
avast!                Win32:BitCoinMiner-FA [PUP]                2014.9-140508
Bitdefender           Application.Bitcoinminer.F                 1.0.20.640
Dr.Web                Tool.BtcMine.284                           9.0.1.0128
ESET NOD32            Win32/BitCoinMiner.AX (variant)            8.9566
F-Secure              Application.Bitcoinminer.F                 11.2014-08-05_5
G Data                Application.Bitcoinminer                   14.5.24
Kaspersky             not-a-virus:RiskTool.Win32.BitCoinMiner    14.0.0.3897
Malwarebytes          Riskware.BitcoinMiner                      v2014.05.08.02
MicroWorld eScan      Application.Bitcoinminer.F                 15.0.0.384
NANO AntiVirus        Riskware.Win32.BitCoinMiner.cuwlis         0.28.0.58491
Qihoo 360 Security    Win32/Application.053                      1.0.0.1015

File size:
191.6 KB (196,240 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ziddu\idlec.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/4/2014 1:00:00 AM

Valid to:
3/1/2015 12:59:59 AM

Subject:
CN=Meridian Tech Pte Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Meridian Tech Pte Limited, L=SINGAPORE, S=SINGAPORE, C=SG

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
56ED302CFAEE156672C8718A1FACD50E

File PE Metadata
Compilation timestamp:
2/27/2014 10:42:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.23

CTPH (ssdeep):
3072:rHidscHrfc99K+WjK8LXerhMmCBFRyVj7Ahf8xmszPcgo:rHpUfSB8LXerhMmCBF3JvSP8

Entry address:
0x14C0

Entry point:
83, EC, 0C, C7, 05, 9C, 03, 43, 00, 00, 00, 00, 00, E8, EE, 00, 02, 00, 83, C4, 0C, E9, A6, FC, FF, FF, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, A1, 44, C7, 42, 00, 85, C0, 74, 3C, C7, 04, 24, 00, D0, 42, 00, FF, 15, F8, 22, 43, 00, BA, 00, 00, 00, 00, 83, EC, 04, 85, C0, 74, 16, C7, 44, 24, 04, 0E, D0, 42, 00, 89, 04, 24, FF, 15, 00, 23, 43, 00, 83, EC, 08, 89, C2, 85, D2, 74, 09, C7, 04, 24, 44, C7, 42, 00, FF, D2, C9, C3, 8D, 76, 00, 55, 89, E5, 5D, C3, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90...

Code size:
170 KB (174,080 bytes)
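The PE metadata fields above (compilation timestamp, OS version, bitness, subsystem, linker version, entry address, entry-point bytes, code size) are all read straight out of the COFF and optional headers, and the entry-point bytes require mapping the entry RVA to a file offset through the section table. The following parser is an added example written for this page, not code from Reason Core Security. Because the real idlec.exe is not available here, it builds a constructed, minimal PE32 image in memory whose header values mirror the report (timestamp, linker 2.23, OS version 4.0, console subsystem, entry RVA 0x14C0, SizeOfCode 174,080) and whose .text section carries the first 26 entry-point bytes as listed; the remaining section contents, padding and the assumption that the report's timestamp is UTC are all synthetic.

```python
"""Derive the "File PE Metadata" fields of a Win32 EXE from its headers.

Added example for this report, not code from Reason Core Security. The
sample image is constructed in memory so the parser runs offline; only the
header values and the first 26 entry-point bytes mirror the report.
"""
import struct
from datetime import datetime, timezone
from typing import Dict, List, Tuple

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows Console"}
MACHINES = {0x14C: "Win32 (i386)", 0x8664: "Win64 (x86-64)"}

# First 26 entry-point bytes exactly as listed in the report; the rest of the
# constructed .text section is zero-filled and is not the real file's code.
ENTRY_STUB = bytes.fromhex("83EC0C" "C7059C03430000000000" "E8EE000200" "83C40C" "E9A6FCFFFF")


def build_sample_pe() -> bytes:
    """Assemble a constructed PE32 image: DOS header, COFF header, optional header, one section."""
    # Assumption: the report's 2/27/2014 10:42:12 PM compile timestamp is taken as UTC.
    ts = int(datetime(2014, 2, 27, 22, 42, 12, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew: "PE\0\0" follows the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)  # i386, 1 section, EXE | 32-bit
    standard = struct.pack("<HBBIIIIII", 0x10B, 2, 23,       # PE32 magic, linker 2.23
                           174080, 0, 0,                     # SizeOfCode, initialized, uninitialized
                           0x14C0, 0x1000, 0x2C000)          # AddressOfEntryPoint, BaseOfCode, BaseOfData
    windows = struct.pack("<IIIHHHHHHIIIIHHIIIIII",
                          0x400000, 0x1000, 0x200,           # ImageBase, SectionAlignment, FileAlignment
                          4, 0, 1, 0, 4, 0,                  # OS 4.0, image 1.0, subsystem 4.0
                          0, 0x30000, 0x400, 0,              # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                          3, 0,                              # Subsystem = console, DllCharacteristics
                          0x200000, 0x1000, 0x100000, 0x1000, 0, 16)  # stack/heap, LoaderFlags, NumberOfRvaAndSizes
    data_dirs = bytes(16 * 8)
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x2A800, 0x1000, 0x600, 0x400,
                          0, 0, 0, 0, 0x60000020)            # CODE | EXECUTE | READ
    headers = (bytes(dos) + b"PE\0\0" + coff + standard + windows + data_dirs + section).ljust(0x400, b"\0")
    text = bytearray(0x600)
    text[0x4C0:0x4C0 + len(ENTRY_STUB)] = ENTRY_STUB        # RVA 0x14C0 -> file offset 0x400 + 0x4C0
    return headers + bytes(text)


def rva_to_offset(rva: int, sections: List[Tuple[bytes, int, int, int, int]]) -> int:
    """Map a relative virtual address to a file offset via the section table."""
    for _name, vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return raw_ptr + (rva - vaddr)
    raise ValueError(f"RVA 0x{rva:X} is not backed by any section")


def parse_pe(data: bytes) -> Dict[str, object]:
    """Return the header-derived fields a malware report lists under PE metadata."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    machine, nsections, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    magic, lmaj, lmin, size_of_code, _, _, entry_rva, _, _ = struct.unpack_from("<HBBIIIIII", data, opt_off)
    if magic != 0x10B:
        raise ValueError(f"not a PE32 image (magic 0x{magic:X})")
    win = struct.unpack_from("<IIIHHHHHHIIIIHHIIIIII", data, opt_off + 28)
    os_major, os_minor, subsystem = win[3], win[4], win[13]
    sec_off = opt_off + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIIII", data, sec_off + 40 * i)[:5]
        sections.append((name.rstrip(b"\0"), vaddr, vsize, raw_ptr, raw_size))
    entry_off = rva_to_offset(entry_rva, sections)
    return {
        "bitness": MACHINES.get(machine, f"unknown (0x{machine:X})"),
        "compile_timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker_version": f"{lmaj}.{lmin}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "entry_address": f"0x{entry_rva:X}",
        "entry_bytes": data[entry_off:entry_off + 16].hex(" ").upper(),
        "code_size": size_of_code,
    }


if __name__ == "__main__":
    for key, value in parse_pe(build_sample_pe()).items():
        print(f"{key:18} {value}")
```

Run against a real file with `parse_pe(open(path, "rb").read())`. Note that the compile timestamp is attacker-controlled and trivially forged, so treat it as a pivot for clustering samples, not as proof of when the binary was built; the entry-point bytes and ssdeep hash are sturdier for matching variants of the same build chain.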

The executing file has been seen to make the following network communication in live environments.

TCP:
Connects to us4.litecoinpool.org  (198.251.80.29:3333)
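The hostname, resolved IP, destination port and install path above are the indicators a defender would hunt for in endpoint network telemetry. The following hunting script is an added example written for this page, not code from Reason Core Security. Its event rows are constructed to resemble the fields of a Sysmon Event ID 3 (network connection) record; the indicator values come from the report, while the benign and look-alike rows are invented. Two assumptions not stated by the report are labelled in the code: that port 3333 is the usual Stratum mining port, and that a Stratum client's first message is a JSON-RPC `mining.subscribe` call, which lets the script also catch a renamed miner talking to a pool the report does not list. The resolved IP is a point-in-time value; pool IPs rotate, so the hostname and protocol matches carry more weight than the IP alone.

```python
"""Hunt endpoint network telemetry for the report's idlec.exe indicators.

Added example, not part of the original report. SAMPLE_EVENTS is
constructed to resemble Sysmon Event ID 3 fields; only the indicator
values are taken from the report.
"""
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional

IOC_HOSTNAMES = {"us4.litecoinpool.org"}
IOC_IPS = {"198.251.80.29"}      # point-in-time resolution from the report; pool IPs rotate
IOC_PORTS = {3333}               # assumption: the common Stratum mining port, not stated by the report
IOC_IMAGE = r"c:\program files\ziddu\idlec.exe"
STRONG = {"hostname", "ip", "image", "stratum"}


@dataclass
class Finding:
    event: Dict[str, str]
    reasons: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        # A bare port-3333 hit is weak on its own: plenty of benign services use that port.
        return "high" if STRONG & set(self.reasons) else "low"


def looks_like_stratum(first_bytes: str) -> bool:
    """Stratum mining is newline-delimited JSON-RPC whose first client message is
    'mining.subscribe' (assumption about the protocol, not stated by the report).
    Empty or non-JSON payloads return False."""
    first_line = first_bytes.strip().splitlines()[:1]
    if not first_line:
        return False
    try:
        msg = json.loads(first_line[0])
    except ValueError:
        return False
    return isinstance(msg, dict) and str(msg.get("method", "")).startswith("mining.")


def match_event(ev: Dict[str, str]) -> Optional[Finding]:
    """Return a Finding naming every indicator the event matches, or None."""
    reasons = []
    if ev.get("DestinationHostname", "").lower().rstrip(".") in IOC_HOSTNAMES:
        reasons.append("hostname")
    if ev.get("DestinationIp") in IOC_IPS:
        reasons.append("ip")
    if ev.get("Image", "").lower() == IOC_IMAGE:
        reasons.append("image")
    if ev.get("DestinationPort", "").isdigit() and int(ev["DestinationPort"]) in IOC_PORTS:
        reasons.append("port")
    if looks_like_stratum(ev.get("FirstBytes", "")):
        reasons.append("stratum")
    return Finding(ev, reasons) if reasons else None


def hunt(events: List[Dict[str, str]]) -> List[Finding]:
    return [f for f in (match_event(ev) for ev in events) if f is not None]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # The report's indicators all in one record.
    {"Image": r"C:\Program Files\ziddu\idlec.exe", "DestinationIp": "198.251.80.29",
     "DestinationPort": "3333", "DestinationHostname": "us4.litecoinpool.org",
     "FirstBytes": '{"id": 1, "method": "mining.subscribe", "params": []}\n'},
    # Ordinary browser traffic: no match.
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "DestinationIp": "203.0.113.10",
     "DestinationPort": "443", "DestinationHostname": "example.com", "FirstBytes": ""},
    # Renamed miner talking to a pool the report does not list: caught by protocol shape.
    {"Image": r"C:\Users\Public\svchost.exe", "DestinationIp": "198.51.100.7",
     "DestinationPort": "3333", "DestinationHostname": "",
     "FirstBytes": '{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.3"]}\n'},
    # Internal service that happens to listen on 3333: port hit only, low severity.
    {"Image": r"C:\Program Files\Acme\agent.exe", "DestinationIp": "10.0.0.25",
     "DestinationPort": "3333", "DestinationHostname": "build01.corp.example",
     "FirstBytes": "GET /status HTTP/1.1\r\n"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.event['Image']} -> {f.event['DestinationIp']}:{f.event['DestinationPort']} "
              f"reasons={','.join(f.reasons)}")
```

The severity split matters operationally: the hostname, IP, path and Stratum matches each justify isolating the host, whereas a port-only hit should feed a review queue rather than an automatic response.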

Powered by Reason Core Security