ufasoft_coin_0.101.exe

The application ufasoft_coin_0.101.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. It is a setup program that installs the application, a malicious Bitcoin miner. Bitcoin-mining malware forces the infected computer to generate Bitcoins for cybercriminals' use and consumes its computing power. The file has been seen being downloaded from ufasoft.com.
MD5:
a52a01d7ffe02498b64015981dd15f2c

SHA-1:
8768bd944de719d75d87e5d9e0e6fb9d6fd9486c

SHA-256:
0e8706987f0c554cfcd4a2ea80dbbda48d28f83ebdf5883a9114a3fe7b1d4be3

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
2/18/2018 6:20:52 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.BtcMine | 7.1.1 |
| Avira AntiVirus | TR/BitCoinMiner.3630348 | 7.11.210.48 |
| avast! | Win32:Malware-gen | 2014.9-150706 |
| AVG | MultiDropper_c | 2016.0.3056 |
| Baidu Antivirus | Hacktool.Win32.BitCoinMiner | 4.0.3.1576 |
| Dr.Web | Tool.BtcMine.259 | 9.0.1.0187 |
| ESET NOD32 | MSIL/BitCoinMiner.E potentially unsafe (variant) | 9.11174 |
| G Data | Win32.Application.Agent.3MKTGL | 15.7.25 |
| K7 AntiVirus | Trojan | 13.194.14963 |
| K7 Gateway Antivirus | Trojan | 13.194.14962 |
| Malwarebytes | PUP.BitCoinMiner | v2015.07.06.05 |
| McAfee | Artemis!A52A01D7FFE0 | 5600.6712 |
| McAfee Web Gateway | Artemis | 7.6712 |
| Norman | Suspicious_Gen4.HPCQI | 11.20150706 |
| Quick Heal | (Suspicious) - DNAScan | 7.15.14.00 |
| Sophos | Bitcoin Miner | 4.98 |
| Trend Micro House Call | TROJ_GEN.R00UC0EB115 | 7.2.187 |
| Trend Micro | TROJ_GEN.R00UC0EB115 | 10.465.06 |
| VIPRE Antivirus | Bitcoin Miner (not malicious) | 37538 |
| Zillya! Antivirus | Trojan.TDSS.Win32.42540 | 2.0.0.2066 |

File size:
3.5 MB (3,630,348 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ufasoft_coin_0.101.exe

File PE Metadata
Compilation timestamp:
11/17/2014 1:20:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
98304:lI2IVfvW0BKw497d5eBcYycVMdDN2jp5KabwFGT3yPW:K2I1vW0BS9J5Eb2dDNivJX3

Entry address:
0x4C6C

Entry point:
55, 8B, EC, 83, EC, 44, 68, 0C, 60, 40, 00, 68, 00, 60, 40, 00, E8, 37, 00, 00, 00, 59, 59, 8D, 45, BC, 50, FF, 15, 88, 50, 40, 00, F6, 45, E8, 01, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, FF, 15, 84, 50, 40, 00, 50, 6A, 00, 6A, 00, FF, 15, 68, 50, 40, 00, 50, E8, 85, F3, FF, FF, 8B, E5, 5D, C3, 8B, 44, 24, 08, 53, 56, 8B, 74, 24, 0C, 33, DB, 2B, C6, 83, C0, 03, C1, E8, 02, 39, 74, 24, 10, 57, 1B, FF, F7, D7, 23, F8, 76, 15, 8B, 06, 85, C0, 74, 07, 83, F8, FF, 74, 02, FF, D0, 83, C6, 04, 43, 3B, DF...

Entropy:
7.9996

Developed / compiled with:
Microsoft Visual C++

Code size:
16 KB (16,384 bytes)

The file ufasoft_coin_0.101.exe has been seen being distributed by the following URL.

Remove ufasoft_coin_0.101.exe - Powered by Reason Core Security