home

silent_output91.exe

The executable silent_output91.exe has been detected as malware by 33 anti-virus scanners. This is a setup program which is used to install the application. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. The file has been seen being downloaded from s1.directxex.com.
MD5:
34005b3a779a5fae9900a176c0defb0e

SHA-1:
7eda0c6ecaa15beee9011ebf5033665f90333ea7

SHA-256:
1b9ab5490f05f598e73082e0e027330ac8951dcd1aaf9c02e6bb0cd9ebe66b18

Scanner detections:
33 / 68

Status:
Malware

Explanation:
The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
5/4/2024 8:09:14 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Zusy.85474
786

AegisLab AV Signature
Troj.W32.Gen
2.1.4+

Agnitum Outpost
Trojan.Agent
7.1.1

AhnLab V3 Security
Trojan/Win32.BitCoinMiner
2014.11.06

Avira AntiVirus
TR/CoinMiner.uomw
7.11.183.62

avast!
Win32:Malware-gen
2014.9-141210

AVG
Generic35
2015.0.3264

Baidu Antivirus
Trojan.MSIL.KeyLogger
4.0.3.141210

Bitdefender
Gen:Variant.Zusy.85474
1.0.20.1720

Comodo Security
UnclassifiedMalware
19997

Dr.Web
Trojan.Inject1.39051
9.0.1.0344

Emsisoft Anti-Malware
Gen:Variant.Zusy.85474
8.14.12.10.02

ESET NOD32
MSIL/CoinMiner.KW
8.10675

Fortinet FortiGate
W32/Generic.KW!tr
12/10/2014

F-Secure
Gen:Variant.Zusy.85474
11.2014-10-12_4

G Data
Gen:Variant.Zusy.85474
14.12.24

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.8.3.0

K7 AntiVirus
Trojan
13.185.13888

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.2817

Malwarebytes
Trojan.MSIL
v2014.12.10.02

McAfee
Artemis!34005B3A779A
5600.6920

Microsoft Security Essentials
Trojan:Win32/Dynamer!ac
1.11104

MicroWorld eScan
Gen:Variant.Zusy.85474
15.0.0.1032

NANO AntiVirus
Trojan.Win32.Inject1.dhxwdk
0.28.6.62995

Norman
Troj_Generic.UECQM
11.20141210

Qihoo 360 Security
Win32/Trojan.Spy.b8b
1.0.0.1015

Rising Antivirus
PE:Trojan.Win32.Generic.16CC8848!382502984
23.00.65.141208

Sophos
Mal/Generic-S
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Zusy
10186

Trend Micro House Call
TROJ_FORUCON.BMC
7.2.344

Trend Micro
TROJ_FORUCON.BMC
10.465.10

VIPRE Antivirus
Trojan.Win32.Generic
34536

Zillya! Antivirus
Trojan.CoinMiner.Win32.638
2.0.0.1976

File size:
1.4 MB (1,483,264 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\silent_output91.exe

File PE Metadata
Compilation timestamp:
5/15/2014 2:13:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:f9RvxGr+fA8xsEMhgVto3dKYzF++9xAlfhERr7m7bw1fvZ8uqikeYtWet4zf9DIU:0rqA8FMhtdKY2iRrR1X+QhYtLt4r9DIU

Entry address:
0x1631CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 03, 00, 03, 00, 00, 00, 28, 00, 00, 80, 0E, 00, 00, 00, 60, 00, 00, 80, 18, 00, 00, 00, 78, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 05, 00, 02, 00, 00, 00, 90, 00, 00, 80, 03, 00, 00, 00, A8, 00, 00, 80, 04, 00, 00, 00, C0, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.4 MB (1,446,400 bytes)

The file silent_output91.exe has been seen being distributed by the following URL.

http://s1.directxex.com/.../P1FVyxU-u_VMTheZB-V3zvDqPuhcaIBpzuoCFJBJ2P2Gsfl0rXJ4yjL-ybBpekd2G3xYWrG9Wcr3FntqZSGsVepT1HuBcxE9-p-M

Remove silent_output91.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.