nscpucnminer64.exe

The application nscpucnminer64.exe has been detected as a potentially unwanted program by 26 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power.
MD5:
7f01750b1ad54b92d552d3b171a8f57c

SHA-1:
d7ef553e8922948fcec060188ca4adb42a4c942b

SHA-256:
9e3165009f043bb5988c0d00dfe643ee0a7d53a2da944a0608e95d8081296f72

Scanner detections:
26 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
4/26/2024 9:06:25 AM UTC

Scan engine             Detection                                Engine version
Lavasoft Ad-Aware       Win32.Virtob.Gen.12                      -40
AegisLab AV Signature   Virus.W32.Virut!c                        2.1.4+
Arcabit                 Win32.Virtob.Gen.12                      1.0.0.792
avast!                  Win64:Vitro                              2014.9-170316
AVG                     Generic_r                                2018.0.2438
Baidu Antivirus         Win32.Virus.Virut                        4.0.3.17316
Bitdefender             Win32.Virtob.Gen.12                      1.0.20.375
Bkav FE                 W32.Vetor.PE                             1.3.0.8455
Dr.Web                  Win32.Virut.56                           9.0.1.075
Emsisoft Anti-Malware   Win32.Virtob.Gen.12                      8.17.03.16.05
ESET NOD32              Win32/Virut.NBP                          11.14704
Fortinet FortiGate      Malware_Generic.P0                       3/16/2017
F-Secure                Win32.Virtob.Gen.12                      11.2017-16-03_5
G Data                  Win32.Virtob.Gen.12                      17.3.25
IKARUS anti.virus       Trojan.Win64.CoinMiner                   0.1.3.4
Kaspersky               Virus.Win32.Virut                        14.0.0.-1316
Malwarebytes            RiskWare.BitCoinMiner                    v2017.03.16.05
MicroWorld eScan        Win32.Virtob.Gen.12                      18.0.0.225
NANO AntiVirus          Virus.Win64.Virut-Gen.bwpxnc             1.0.70.14475
Panda Antivirus         W32/Sality.AO                            17.03.16.05
Quick Heal              W32.Virut.G                              3.17.14.00
Rising Antivirus        Malware.Generic!rOmT7fQJhzL@5 (thunder)  23.00.65.17314
Sophos                  Mal/Miner-C                              4.98
Trend Micro House Call  TROJ_COINMINER_EK200003.UVPM             7.2.75
Trend Micro             TROJ_COINMINER_EK200003.UVPM             10.465.16
VIPRE Antivirus         Virus.Win32.Virut.ce                     54932

File size:
1.5 MB (1,583,616 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\roaming\nscpucnminer\nscpucnminer64.exe

File PE Metadata
Compilation timestamp:
2/18/2089 2:31:36 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
11.0

Entry address:
0x3AAD90

Entry point:
42, 68, 38, 4E, 00, 00, F8, 59, 8B, C7, F6, D2, F6, D4, BA, FD, 5B, 40, 99, 8B, D4, EB, AE, 00, 00, 00, C4, 00, 72, 81, AD, BA, 00, 3D, 13, 8C, 57, 8B, D6, 21, E2, 8D, 93, 13, 0B, 5A, 97, F7, D0, B0, AD, 80, D6, FE, 83, E9, 02, EB, 0F, 00, 00, 00, 00, FD, C5, 00, 25, 3E, 2C, 9B, 94, CE, A9, 2E, BA, F3, 3C, 1A, F7, 8A, C1, 0F, 8D, 6E, FF, FF, FF, 8A, D1, E9, 7E, 62, 00, 00, F8, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 40, 3A, 00, 14, 00, 00, 00, 38, AD, 40, AD, 48, AD, 50, AD...

Entropy:
7.9312  (probably packed)

Code size:
669 KB (685,056 bytes)
