ssss.exe

GPU CPU Miner

Tee Plow & Saud

The application ssss.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. The file has been seen being downloaded from www.weebly.com.
Publisher:
Tee Plow & Saud

Product:
GPU CPU Miner

Version:
1.0.0.0

MD5:
eaf36d8f6c9785f6a636791bb7060ed6

SHA-1:
da3582e2514fd0f70e9cbec42aad26d61ce11e12

SHA-256:
35693ef3d8d4c45a1781cd1e8c3e0b514df7a44f5bc38f060897abb1e3ac1d4c

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
4/23/2024 8:24:41 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.BitCoinMiner.EL | 358 |
| Avira AntiVirus | APPL/BitCoinMiner.EL.2 | 8.3.1.6 |
| avast! | Win32:BitCoinMiner-GM [PUP] | 2014.9-160212 |
| Baidu Antivirus | Hacktool.Win32.BitCoinMiner | 4.0.3.16212 |
| Dr.Web | Tool.BtcMine.283 | 9.0.1.043 |
| ESET NOD32 | Win32/BitCoinMiner.BV potentially unsafe (variant) | 10.11976 |
| Fortinet FortiGate | Riskware/BitCoinMiner | 2/12/2016 |
| IKARUS anti.virus | not-a-virus:RiskTool.Win32.BitCoinMiner | t3scan.1.9.5.0 |
| Kaspersky | not-a-virus:RiskTool.Win32.BitCoinMiner | 14.0.0.673 |
| McAfee | Artemis!EAF36D8F6C97 | 5600.6492 |
| MicroWorld eScan | Application.BitCoinMiner.EL | 17.0.0.129 |
| Panda Antivirus | Generic Suspicious | 16.02.12.08 |
| Qihoo 360 Security | Win32/Trojan.13e | 1.0.0.1015 |
| Quick Heal | RiskTool.BitCoinMiner.g7 (Not a Virus) | 2.16.14.00 |
| VIPRE Antivirus | RiskTool.Win32.BitCoinMiner (not malicious) | 42214 |

File size:
6.6 MB (6,913,536 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015 Tee Plow & Saud

Trademarks:
Tee Plow & Saud

Original file name:
GPU CPU Miner.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\tee plow & saud\gpu cpu miner\1.0.0.0\ssss.exe

File PE Metadata
Compilation timestamp:
7/1/2015 6:02:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:yNy1r+3KpTgdjaKnvRpC13pXafnPnZdtAKKgJbi4cYdIL8claTHVUlYiH/pK:AUTgaKnvRpC3yPn1ATgJmC

Entry address:
0x6960FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.0881

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6.6 MB (6,898,176 bytes)

User Start Menu Item
Name:
SSSS.exe


The file ssss.exe has been seen being distributed by the following URL.
