m.exe

The application m.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. It is a setup program used to install the application, and it is a malicious Bitcoin miner. Bitcoin-mining malware forces computers to generate bitcoins for cybercriminals' use and consumes computing power. The file has been seen being downloaded from www.weebly.com and multiple other hosts.

MD5:
79cda9e758eaea9e7830e34ac80f4f67

SHA-1:
8c7869758d61f82d4050425968e449ac3343d392

SHA-256:
16e9656f53cfae61f627ca9c8ec7ef687083faab9f75908571c7a4f931112f3d

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
4/26/2024 9:12:32 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/BitCoinMiner.Gen | 3.6.1.96 |
| avast! | Win32:Miner-B [PUP] | 2014.9-150411 |
| AVG | BitCoinMiner | 2016.0.3142 |
| Baidu Antivirus | Trojan.Win64.BitCoinMiner | 4.0.3.15411 |
| ESET NOD32 | Win64/BitCoinMiner.U potentially unsafe (variant) | 9.11372 |
| Kaspersky | Trojan.Win64.BitMin | 14.0.0.2207 |
| McAfee | Artemis!79CDA9E758EA | 5600.6798 |
| NANO AntiVirus | Trojan.Win64.BitCoinMiner.dpieja | 0.30.8.659 |
| Panda Antivirus | Generic Suspicious | 15.04.11.03 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Sophos | CpuMiner | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0324 | 7.2.101 |

File size:
2.2 MB (2,329,088 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\v18dwl2e\m.exe

File PE Metadata
Compilation timestamp:
3/25/2015 1:28:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:aVg5tQ7agsh578fPpMvmtaWOR5w66j2wpFPwQLeLw85:Eg564h6fhMvmtJWKlj2wjwQL3

Entry address:
0x25F74

Entry point:
E8, 6A, CE, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 58, 01, 4C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 70, A3, 4B, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 58, 01, 4C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00...
 

Entropy:
7.6855

Code size:
557.5 KB (570,880 bytes)

The file m.exe has been seen being distributed by the following 2 URLs.

http://www.weebly.com/uploads/4/9/6/5/.../m.exe
