mysafeproxyworker.exe

The application mysafeproxyworker.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. It is a malicious Bitcoin miner. Bitcoin-mining malware forces infected computers to generate Bitcoins for the benefit of cybercriminals, consuming the machine's computing power in the process.
MD5:
a7572d016f0555e6f225a07952846cca

SHA-1:
aef81c1428897f95c3e1b152b9571bdb2f5e2012

SHA-256:
52860eb9f161046a04395650ef363f7f7cea2bdb0cc13cbacc7668e0365d7361

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
The program mines Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
5/21/2024 3:12:51 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Graftor.139918 | 948
Agnitum Outpost | Riskware.Agent | 7.1.1
avast! | Win32:Miner-B [PUP] | 2014.9-140701
Baidu Antivirus | Hacktool.Win32.BitCoinMiner | 4.0.3.1471
Bitdefender | Gen:Variant.Graftor.139918 | 1.0.20.910
Emsisoft Anti-Malware | Gen:Variant.Graftor.139918 | 8.14.07.01.06
ESET NOD32 | Win32/BitCoinMiner.BS (variant) | 8.10000
Fortinet FortiGate | Riskware/BitCoinMiner | 7/1/2014
F-Secure | Gen:Variant.Graftor.139918 | 11.2014-01-07_3
G Data | Gen:Variant.Graftor.139918 | 14.7.24
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.6.1.0
Kaspersky | not-a-virus:HEUR:RiskTool.Win32.BitCoinMiner | 14.0.0.3626
Malwarebytes | Trojan.BitcoinMiner | v2014.07.01.06
McAfee | RDN/Generic PUP.x!cgq | 5600.7082
MicroWorld eScan | Gen:Variant.Graftor.139918 | 15.0.0.546
Norman | BitCoinMiner.STR | 11.20140701
Sophos | Generic PUA KO | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0616 | 7.2.182
Trend Micro | HKTL_BITMINE.SML | 10.465.01
VIPRE Antivirus | Trojan.Win32.Generic | 30650

File size:
836.8 KB (856,841 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\xtrm group\mysafeproxy\bin\worker\mysafeproxyworker.exe

File PE Metadata
Compilation timestamp:
6/16/2014 6:51:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.23

CTPH (ssdeep):
24576:+2m32Y9cp99NHOoWwOlD0ykz2rwMz6MepBjV338cvPXU:wrmp453kzPBg

Entry address:
0x1570

Entry point:
83, EC, 1C, C7, 04, 24, 01, 00, 00, 00, FF, 15, 20, 53, 4A, 00, E8, FB, FB, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, 83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 20, 53, 4A, 00, E8, DB, FB, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 64, 53, 4A, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 48, 53, 4A, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 30, 49, 00, E8, C6, F7, 08, 00, BA, 00, 00, 00, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44...

Entropy:
6.1918

Code size:
580 KB (593,920 bytes)

When executed, this file has been observed making the following network connections in live environments.

TCP (HTTP) connections:
ec2-54-77-22-62.eu-west-1.compute.amazonaws.com (54.77.22.62:80)
ec2-54-77-17-147.eu-west-1.compute.amazonaws.com (54.77.17.147:80)
ec2-54-77-16-238.eu-west-1.compute.amazonaws.com (54.77.16.238:80)
ec2-54-76-38-185.eu-west-1.compute.amazonaws.com (54.76.38.185:80)
ec2-54-76-28-113.eu-west-1.compute.amazonaws.com (54.76.28.113:80)
ec2-54-72-234-139.eu-west-1.compute.amazonaws.com (54.72.234.139:80)

Analysis powered by Reason Core Security.