solve.exe

The executable solve.exe has been detected as malware by 3 of 68 anti-virus scanners. It is persisted as a scheduled task under the Windows Task Scheduler and is a cryptocurrency miner installed without the user's consent. Coin-mining malware hijacks the victim's CPU or GPU to mine for the operator's benefit, consuming power and degrading the machine's performance. Note that the task's command line (below) passes --scrypt, which selects the scrypt proof-of-work used by Litecoin-family coins rather than Bitcoin's SHA-256; the "BitCoinMiner" detection names are generic family labels for mining tools, not an indication of which coin is actually mined.
MD5:
f2e715b56b686d7b2b2b6a45bef93b0f

SHA-1:
c6e792334a3725a622071328bb7d0fca5551b61a

SHA-256:
9846420f5169cc411069d485ae8f9e26f6b027e8f33aced8ceac31d85f098d4c

Scanner detections:
3 / 68

Status:
Malware

Explanation:
The program mines cryptocurrency using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
5/18/2024 7:28:49 PM UTC

Scan engine        Detection                          Engine version
Baidu Antivirus    Trojan.Win32.BitCoinMiner          4.0.3.1436
ESET NOD32         Win32/BitCoinMiner.BF (variant)    8.9452
VIPRE Antivirus    Trojan.Win32.CoinMiner.ba          26682

File size:
675.1 KB (691,315 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\math problem solver\gpu\solve.exe

File PE Metadata
Compilation timestamp:
2/13/2014 11:57:03 AM

Required OS version (PE header):
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.21

CTPH (ssdeep):
12288:LwkPIR+1TK8ZLxXxiGaoaR5XVTZEDuY0jsLdafR3IxU:L9PIRITK8ZLxXxiGIR5XZZEDuY0jsLdq

Entry address (RVA):
0x14E0

Entry point bytes (first bytes at the entry address):
55, 89, E5, 83, EC, 08, C7, 05, 3C, 8E, 46, 00, 00, 00, 00, 00, E8, EB, F7, 04, 00, C9, E9, 85, FC, FF, FF, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, 83, 3D, 08, 86, 45, 00, 00, 74, 39, C7, 04, 24, 20, 90, 45, 00, FF, 15, AC, E6, 46, 00, 89, C2, B8, 00, 00, 00, 00, 85, D2, 51, 74, 13, 89, 14, 24, C7, 44, 24, 04, 2E, 90, 45, 00, FF, 15, B0, E6, 46, 00, 52, 52, 85, C0, 74, 09, C7, 04, 24, 08, 86, 45, 00, FF, D0, C9, C3, 55, 89, E5, 5D, C3, 90, 55, 89, E5, 8B, 45, 08, C7, 00, 04, 00, 00, 00, 31, C0, 5D, C3...

Code size:
341.5 KB (349,696 bytes)
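The fields in this section (compilation timestamp, required OS version, bitness, subsystem, linker version, entry address, the bytes at the entry point, code size) are read straight from the PE headers. The parser below is an added example, not code from this page or from Reason Core Security. It builds a minimal constructed PE32 image carrying the header values recorded above (only the first 16 entry-point bytes are copied from the listing; the rest of the body is zero padding, and the sample is not the real solve.exe) and reads those fields back. Offsets follow the PE/COFF specification; the MACHINES and SUBSYSTEMS tables cover only the values needed here.

```python
import struct
from datetime import datetime, timezone

# Header values mirror the record above (timestamp, linker 2.21, OS 4.0,
# console subsystem, entry RVA 0x14E0, SizeOfCode 349,696). The body is
# CONSTRUCTED: only the first 16 entry-point bytes come from the listing.
COMPILE_TS = int(datetime(2014, 2, 13, 11, 57, 3, tzinfo=timezone.utc).timestamp())
ENTRY_RVA = 0x14E0
ENTRY_BYTES = bytes.fromhex("5589E583EC08C7053C8E460000000000")
SECTION_VA, SECTION_RAW, SECTION_SIZE = 0x1000, 0x400, 0x600
HEADERS_SIZE = 0x400

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows Console"}
MACHINES = {0x14C: "i386", 0x8664: "x86-64"}


def build_sample_pe() -> bytes:
    """Assemble a minimal PE32 image (DOS stub, PE sig, COFF + optional header, one section)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew: PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, COMPILE_TS, 0, 0, 224, 0x0102)
    optional = struct.pack(
        "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII",
        0x10B, 2, 21,                   # PE32 magic, linker major.minor = 2.21
        349696, 0, 0,                   # SizeOfCode (value from the record), init/uninit data
        ENTRY_RVA, SECTION_VA, 0x2000,  # AddressOfEntryPoint, BaseOfCode, BaseOfData
        0x400000, 0x1000, 0x200,        # ImageBase, SectionAlignment, FileAlignment
        4, 0, 0, 0, 4, 0,               # required OS 4.0, image 0.0, subsystem version 4.0
        0, 0x3000, HEADERS_SIZE, 0,     # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        3, 0,                           # Subsystem = Windows Console (CUI), DllCharacteristics
        0x100000, 0x1000, 0x100000, 0x1000, 0, 16,  # stack/heap sizes, LoaderFlags, NumberOfRvaAndSizes
    ) + bytes(16 * 8)                   # 16 empty data directories
    section = struct.pack("<8sIIIIIIHHI", b".text", SECTION_SIZE, SECTION_VA,
                          SECTION_SIZE, SECTION_RAW, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + optional + section).ljust(HEADERS_SIZE, b"\0")
    body = bytearray(SECTION_SIZE)
    off = ENTRY_RVA - SECTION_VA
    body[off:off + len(ENTRY_BYTES)] = ENTRY_BYTES
    return headers + bytes(body)


def parse_pe(data: bytes) -> dict:
    """Read the header fields shown in the record plus the first 16 bytes at the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, maj_link, min_link, size_of_code, _, _, entry_rva = struct.unpack_from("<HBBIIII", data, opt)
    # These two offsets are identical for PE32 (0x10B) and PE32+ (0x20B).
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # The section table follows the optional header; use it to map the entry RVA to a file offset.
    sections = [struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i) for i in range(nsections)]
    entry_off = None
    for _name, vsize, va, rawsize, rawptr in sections:
        if va <= entry_rva < va + max(vsize, rawsize):
            entry_off = rawptr + (entry_rva - va)
    if entry_off is None:
        raise ValueError("entry point lies outside every section")
    return {
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "machine": MACHINES.get(machine, hex(machine)),
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, hex(magic)),
        "linker_version": f"{maj_link}.{min_link}",
        "os_version": f"{maj_os}.{min_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "entry_bytes": data[entry_off:entry_off + 16].hex().upper(),
        "code_size": size_of_code,
    }


SAMPLE_PE = build_sample_pe()

if __name__ == "__main__":
    for key, value in parse_pe(SAMPLE_PE).items():
        print(f"{key:15} {value}")
```

To run it against a file you actually hold, pass `open(path, "rb").read()` to `parse_pe`; an implausible compilation timestamp (far in the past or future relative to first sighting) or a console subsystem on a program that shows no window are the kinds of mismatches this triage surfaces.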

Scheduled Task
Task name:
Math Problem Solver GPU

Trigger:
Idle (Runs when idle)

Action:
solve.exe --scrypt -i 11 -o stratum+tcC:\78.138.126.85: -o
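The persistence described in this section (an idle-only trigger firing a binary under the user's AppData\Local with a stratum pool on its command line) can be checked across a host from the Task Scheduler's XML definitions, which `schtasks /Query /XML` and `Export-ScheduledTask` both emit and which also sit as files under C:\Windows\System32\Tasks. The triage below is an added example, not code from this page or from Reason Core Security. The two task definitions are constructed for the example: the miner-shaped one follows the record above, but the user name and pool address are placeholders and not taken from the page; the argument patterns and the "suspicious" rule are my own heuristics.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# CONSTRUCTED samples. User name and pool host are placeholders.
MINER_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\Math Problem Solver GPU</URI></RegistrationInfo>
  <Triggers><IdleTrigger><Enabled>true</Enabled></IdleTrigger></Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>"C:\Users\alice\AppData\Local\math problem solver\gpu\solve.exe"</Command>
      <Arguments>--scrypt -i 11 -o stratum+tcp://pool.example.invalid:3333 -u worker -p x</Arguments>
    </Exec>
  </Actions>
</Task>"""

BENIGN_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\Backup\Nightly</URI></RegistrationInfo>
  <Triggers><CalendarTrigger><StartBoundary>2024-01-01T02:00:00</StartBoundary></CalendarTrigger></Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\Program Files\Backup\backup.exe</Command><Arguments>--full</Arguments></Exec>
  </Actions>
</Task>"""

# Command-line traits of stratum miners (cgminer/cudaminer-style switches).
MINER_ARG_PATTERNS = {
    "stratum pool URL": r"stratum\+tcps?://",
    "scrypt algorithm switch": r"(^|\s)--scrypt\b",
    "pool host:port passed with -o": r"(^|\s)-o\s+\S+:\d+",
}
# Binary living in a user-writable profile directory rather than Program Files/Windows.
USER_WRITABLE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\(local|roaming)\\", re.I)


def triage_task_xml(xml_text: str) -> list:
    """Return one finding per <Exec> action with the reasons it looks like miner persistence."""
    root = ET.fromstring(xml_text)
    name = root.findtext("t:RegistrationInfo/t:URI", default="", namespaces=NS)
    triggers_el = root.find("t:Triggers", NS)
    triggers = [] if triggers_el is None else [c.tag.split("}")[-1] for c in triggers_el]
    findings = []
    for exec_el in root.iterfind("t:Actions/t:Exec", NS):
        command = exec_el.findtext("t:Command", default="", namespaces=NS).strip().strip('"')
        args = exec_el.findtext("t:Arguments", default="", namespaces=NS)
        reasons = []
        in_profile = bool(USER_WRITABLE.match(command))
        idle = "IdleTrigger" in triggers
        if in_profile:
            reasons.append("binary under a user-writable profile directory")
        if idle:
            reasons.append("runs only while the machine is idle")
        hits = [label for label, pat in MINER_ARG_PATTERNS.items() if re.search(pat, args, re.I)]
        if hits:
            reasons.append("miner-style arguments: " + ", ".join(hits))
        findings.append({
            "task": name,
            "command": command,
            "arguments": args,
            "reasons": reasons,
            # Heuristic: pool arguments alone are decisive; idle trigger plus profile path is a weaker pair.
            "suspicious": bool(hits) or (in_profile and idle),
        })
    return findings


if __name__ == "__main__":
    for xml_text in (MINER_TASK, BENIGN_TASK):
        for f in triage_task_xml(xml_text):
            flag = "SUSPICIOUS" if f["suspicious"] else "ok"
            print(f"{flag:10} {f['task']}: {f['command']} {f['arguments']}")
            for r in f["reasons"]:
                print("           -", r)
```

On a live host, feed every XML file under C:\Windows\System32\Tasks (recursively) through `triage_task_xml`; a flagged task is removed with `schtasks /Delete /TN "<name>" /F` or `Unregister-ScheduledTask`, after which the referenced binary can be hashed against the IOCs above and deleted.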


Remove solve.exe - Powered by Reason Core Security