ufasoft_coin_0.64.exe

The application ufasoft_coin_0.64.exe has been detected as a potentially unwanted program by 8 anti-malware scanners. It is a setup program used to install the application, and it is a malicious Bitcoin miner. Bitcoin-mining malware forces computers to generate Bitcoins for cybercriminals' use, consuming the victim's computing power. The file has been seen being downloaded from ufasoft.com.
MD5:
abbf140e08a5f94f00754790a76388df

SHA-1:
b5cea1a2dff86317b782882d2c4d09dad9d37467

SHA-256:
eaabc8a8a32dde62a5398c574af6d2344d7512824f593df48f1439f3481a3a42

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
The program mines Bitcoins in the background using the computer's GPU, and may be installed and run without the user's knowledge.

Analysis date:
5/23/2018 11:27:14 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | HackTool/Win32.BitCoinMiner | 2013.07.19
Antiy Labs AVL | RiskTool/Win32.BitCoinMiner | 2.0.3.7
ESET NOD32 | Win32/BitCoinMiner (variant) | 10.8583
Kingsoft AntiVirus | Win32.HeurC.KVM099.a.(kcloud) | 331020.49267
Malwarebytes | PUP.BitCoinMiner | v2016.05.04.06
Norman | Suspicious_Gen4.EGRJK | 11.20160504
Sophos | Bitcoin Miner | 4.91
Trend Micro House Call | TROJ_GEN.R0CBH01GC13 | 7.2.125

File size:
1.5 MB (1,597,466 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ufasoft_coin_0.64.exe

File PE Metadata
Compilation timestamp:
9/18/2012 3:10:38 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:9pNHE16ae6ugVHWB/jqXYp32/3CfLTedeTZvL:/NHEk+vHWBLn2afHedAZvL

Entry address:
0x4B69

Entry point:
55, 8B, EC, 83, EC, 44, 68, 0C, 60, 40, 00, 68, 00, 60, 40, 00, E8, 35, 00, 00, 00, 59, 59, 8D, 45, BC, 50, FF, 15, 88, 50, 40, 00, F6, 45, E8, 01, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, FF, 15, 84, 50, 40, 00, 50, 6A, 00, 6A, 00, FF, 15, 68, 50, 40, 00, 50, E8, B5, F3, FF, FF, C9, C3, 56, 8B, 74, 24, 08, EB, 10, 8B, 06, 85, C0, 74, 07, 83, F8, FF, 74, 02, FF, D0, 83, C6, 04, 3B, 74, 24, 0C, 72, EA, 5E, C3, 33, C0, 40, A3, 00, 00, 00, 00, C3, 8B, 44, 24, 04, 85, C0, 75, 01, C3, 50, 50, E8, 00, 02...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
16 KB (16,384 bytes)

The file ufasoft_coin_0.64.exe has been seen being distributed by the following URL.
