steam.exe

The application steam.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This is a malicious Bitcoin miner. Bitcoin-mining malware consumes the computer's processing power to generate Bitcoins for cybercriminals' use.

MD5:
8817f71626e3e08fd716a73bed3e676e

SHA-1:
f101225703e5dcf89e57557d92b48b3fe152a943

SHA-256:
2fde67f30bb244a23e20e88451d5a265a6630a886b9baaf77f62201fd27948ec

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
The program mines for Bitcoins in the background using the computer's GPU, and may be installed and run without the user's knowledge.

Analysis date:
4/18/2024 3:57:06 AM UTC

Scan engine | Detection | Engine version
AegisLab AV Signature | W32.Virut | 2.1.4+
AhnLab V3 Security | Trojan/Win32.BitCoinMiner | 2014.11.01
avast! | Win32:BitCoinMiner-GQ [PUP] | 2014.9-141101
Baidu Antivirus | Hacktool.Win32.BitCoinMiner | 4.0.3.14111
ESET NOD32 | Win32/BitCoinMiner.BY (variant) | 8.10649
Fortinet FortiGate | Riskware/BitCoinMiner | 11/1/2014
K7 AntiVirus | Trojan | 13.185.13853
McAfee | Artemis!8817F71626E3 | 5600.6960
Sophos | Generic PUA PB | 4.98
VIPRE Antivirus | VirTool.Win32.Obfuscator.hg!b1 | 34392

File size:
1 MB (1,074,111 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\zog\reversed\steam.exe

File PE Metadata
Compilation timestamp:
10/16/2014 8:23:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
24576:WkqeTrhWCzAVVF3MmJ7/TirAiCtKas67nF/Ydozohsa:WCTrhdzAVVfRT1iCth/YC3a

Entry address:
0x1284

Entry point:
55, 89, E5, 83, EC, 18, C7, 04, 24, 02, 00, 00, 00, FF, 15, 38, E5, 4C, 00, E8, 64, FD, FF, FF, 55, 89, E5, 83, EC, 08, A1, 70, E5, 4C, 00, C9, FF, E0, 66, 90, 55, 89, E5, 83, EC, 08, A1, 50, E5, 4C, 00, C9, FF, E0, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 80, 4A, 00, E8, 1A, 4B, 0A, 00, 52, 85, C0, 74, 65, C7, 44, 24, 04, 13, 80, 4A, 00, 89, 04, 24, E8, 0D, 4B, 0A, 00, 83, EC, 08, 85, C0, 74, 11, C7, 44, 24, 04, 08, 70, 4C, 00, C7, 04, 24, 00, D0, 4B, 00, FF, D0, 8B, 0D, 60, 7F, 4A, 00, 85, C9, 74...
 

Code size:
662 KB (677,888 bytes)

Scheduled Task
Task name:
Steam-S-1-8-22-9865GUI

Trigger:
Logon (Runs on logon)

Action:
steam.exe pussypenitraitor3000.

