services and controller app.exe

The application "services and controller app.exe" has been detected as a potentially unwanted program by 16 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use, and it consumes computing power.
MD5:
4fdb02dd889beb3eebf8be7691295dc2

SHA-1:
91306328f56a1363dfcca46d41279dbc1e40f47e

SHA-256:
f50298f2d400ff7dc9f0ed1c86a90b32d90f6377ce0b5f68594a5cd8ba211436

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
The program mines for Bitcoins in the background using the computer's GPU, and may be installed and run without the user's knowledge.

Analysis date:
4/18/2024 5:10:42 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | APPL/Bitcoinminer.Gen | 7.11.134.24 |
| AVG | Skodna.BitCoinMiner | 2015.0.3549 |
| Baidu Antivirus | Trojan.Win32.BitCoinMiner | 4.0.3.1431 |
| Dr.Web | Tool.BtcMine.150 | 9.0.1.060 |
| ESET NOD32 | Win32/BitCoinMiner.AF (variant) | 8.9485 |
| Fortinet FortiGate | Riskware/BitCoinMiner | 3/1/2014 |
| IKARUS anti.virus | not-a-virus:RiskTool.Win32.BitCoinMiner | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.176.11302 |
| Kaspersky | not-a-virus:RiskTool.Win32.BitCoinMiner | 14.0.0.4238 |
| McAfee | Artemis!4FDB02DD889B | 5600.7205 |
| NANO AntiVirus | Riskware.Win32.BitCoinMiner.cqzktk | 0.28.0.58101 |
| Sophos | Generic PUA JB | 4.98 |
| SUPERAntiSpyware | (-1) Unable to load input file. | 10754 |
| Trend Micro House Call | TROJ_GEN.R08NH07B114 | 7.2.60 |
| VIPRE Antivirus | Trojan.Win32.CoinMiner.ba | 26938 |
| ViRobot | Scan Failed... | 2011.4.7.4223 |

File size:
359 KB (367,630 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\windows multimedia platform\services and controller app.exe

File PE Metadata
Compilation timestamp:
11/5/2013 3:33:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.23

CTPH (ssdeep):
6144:GzGbYHWL3mSbJE9zEIGHHsMhfnAyXkcOsGmQrQ2dLD++wnbf4PkbdCCriVwiCH6Z:GzGc2L2wAzstAyXkcOsrWRdLTwL8kkC2

Entry address:
0x123001

Entry point:
60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, 30, 12, 00, 83, BD, 88, 04, 00, 00, 00, 89, 9D, 88, 04, 00, 00, 0F, 85, CB, 03, 00, 00, 8D, 85, 94, 04, 00, 00, 50, FF, 95, A9, 0F, 00, 00, 89, 85, 8C, 04, 00, 00, 8B, F0, 8D, 7D, 51, 57, 56, FF, 95, A5, 0F, 00, 00, AB, B0, 00, AE, 75, FD, 38, 07, 75, EE, 8D, 45, 7A, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72, 74, 75, 61, 6C, 46, 72, 65, 65, 00, 56, 69, 72, 74...
 

Entropy:
7.9861

Packer / compiler:
ASPack v2.12

Code size:
743 KB (760,832 bytes)
