rublik.exe

Rublik.com CA

The executable rublik.exe has been detected as malware by 15 anti-virus scanners. It is a malicious Bitcoin miner. Bitcoin-mining malware forces the infected computer to generate Bitcoins for the cybercriminals' benefit, consuming its computing power in the process.
Publisher:
Rublik.com CA (signed and verified)

MD5:
c9a9b374f38b4adc73ca90e69d7d1fe8

SHA-1:
daa0f5e832f3bc0c458a82c154d0ac77fe3e9a10

SHA-256:
4444a9bbd613f7fcc526441459410c04c72b88eb8e0add6a611a7f2029d4732f

Scanner detections:
15 / 68

Status:
Malware

Explanation:
The program mines Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
4/18/2024 11:53:41 AM UTC

Scan engine              | Detection                                  | Engine version
-------------------------|--------------------------------------------|------------------
Lavasoft Ad-Aware        | Application.BitCoinMiner.BL                | 1010
Agnitum Outpost          | RiskTool.BitCoinMiner                      | 7.1.1
Baidu Antivirus          | Trojan.Win32.BitCoinMiner                  | 4.0.3.1451
Bitdefender              | Application.BitCoinMiner.BL                | 1.0.20.605
Bkav FE                  | W32.Clod8ae.Trojan                         | 1.3.0.4923
Dr.Web                   | Tool.BtcMine.93                            | 9.0.1.0121
ESET NOD32               | Win32/Rublik (variant)                     | 8.9341
F-Secure                 | Application.BitCoinMiner.BL                | 11.2014-01-05_5
G Data                   | Application.BitCoinMiner.BL                | 14.5.24
IKARUS anti.virus        | not-a-virus:RiskTool.Win32.BitCoinMiner    | t3scan.2.2.29
K7 AntiVirus             | Trojan                                     | 13.175.10963
Kaspersky                | not-a-virus:RiskTool.Win32.BitCoinMiner    | 14.0.0.3935
MicroWorld eScan         | Application.BitCoinMiner.BL                | 15.0.0.363
Sophos                   | Generic PUA NK                             | 4.97
VIPRE Antivirus          | Trojan.Win32.Generic                       | 25852

File size:
1.3 MB (1,382,400 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\rublik\rublik.exe

Digital Signature
Signed by:

Authority:
Rublik.com CA

Valid from:
8/7/2011 11:55:09 PM

Valid to:
8/4/2021 11:55:09 PM

Subject:
CN=www.rublik.com, O=Rublik.com CA, S=Some-State, C=RU

Issuer:
CN=www.rublik.com, O=Rublik.com CA, S=Some-State, C=RU
(The issuer is identical to the subject, so this is a self-signed certificate rather than one issued by a public CA.)

Serial number:
00E17BBDC5AA90D19D

File PE Metadata
Compilation timestamp:
3/6/2013 4:46:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
24576:F2xJGTMtGbrQxHB1YMfrzQ7Y9weNvFeJ/qn+/qwEy5Vz2wwbjue7erDEUp7GB/F0:F2xJGTMtGbrQxHB1YIzQ7Y9weNvFeJ/d

Entry address:
0x12A0

Entry point:
55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 38, 60, 52, 00, E8, 98, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, 5C, 60, 52, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, 50, 60, 52, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 10, 4E, 00, E8, 2A, 65, 06, 00, 52, 85, C0, 74, 65, C7, 44, 24, 04, 13, 10, 4E, 00, 89, 04, 24, E8, 1D, 65, 06, 00, 83, EC, 08, 85, C0, 74, 11, C7, 44, 24, 04, 08, 40, 52, 00, C7, 04, 24, 80, FC, 50, 00, FF, D0, 8B...

Entropy:
6.5345

Packer / compiler:
MingWin32

Code size:
864.5 KB (885,248 bytes)

Report powered by Reason Core Security