photon-qt.exe

Photon-Qt

Photon

The executable photon-qt.exe, “photon-Qt (OSS GUI client for Bitcoin)” has been detected as malware by 5 anti-virus scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. The file has been seen being downloaded from doc-0g-4o-docs.googleusercontent.com.
Publisher:
Photon

Product:
Photon-Qt

Description:
photon-Qt (OSS GUI client for Bitcoin)

Version:
0.8.9.3

MD5:
ea73e516af2cab1d99029f1ef00aca5f

SHA-1:
fe6151bae6cd209909aa637e7016a220c307dffb

SHA-256:
9a4db706c1715b1715d900106f1f4047540a39b33d4254b36d0e36d6ea739b99

Scanner detections:
5 / 68

Status:
Malware

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
4/24/2024 4:50:35 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Trojan/Win32.HDC | 2015.01.22
Baidu Antivirus | Hacktool.Win32.BitCoinMiner | 4.0.3.15727
ESET NOD32 | Win32/BitCoinMiner.BJ (variant) | 9.11053
McAfee | Artemis!EA73E516AF2C | 5600.6691
Trend Micro House Call | Suspicious_GEN.F47V1130 | 7.2.208

File size:
18.1 MB (18,968,576 bytes)

Product version:
0.8.9.3

Copyright:
2009-2014 The Bitcoin developers, 2013 The Blakecoin developers 2014 The Photon developers

Original file name:
photon-qt.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
11/30/2014 1:39:30 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
393216:kO62nbCM3MNF2M21nbN290r4Jsv6tWKFdu9C:16cman2

Entry address:
0x14B0

Entry point:
83, EC, 0C, C7, 05, E4, C5, 58, 01, 01, 00, 00, 00, E8, 4E, 65, 11, 00, 83, C4, 0C, E9, B6, FC, FF, FF, 8D, B6, 00, 00, 00, 00, 83, EC, 0C, C7, 05, E4, C5, 58, 01, 00, 00, 00, 00, E8, 2E, 65, 11, 00, 83, C4, 0C, E9, 96, FC, FF, FF, 90, 90, 90, 90, 90, 90, 55, 89, E5, 53, 83, EC, 14, 8B, 1D, CC, AE, 59, 01, C7, 04, 24, 20, 30, 12, 01, FF, D3, BA, 40, 99, E5, 00, 83, EC, 04, 85, C0, 74, 16, C7, 44, 24, 04, 33, 30, 12, 01, 89, 04, 24, FF, 15, D8, AE, 59, 01, 83, EC, 08, 89, C2, 85, D2, 74, 11, C7, 44, 24, 04...

Entropy:
6.3524

Code size:
13.1 MB (13,714,432 bytes)

The file photon-qt.exe has been seen being distributed by the following URL.
