ufasoft_coin_0.75.exe

The application ufasoft_coin_0.75.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. The file is a setup program used to install the application, which is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use, and it consumes computing power while doing so. The file has been seen being downloaded from ufasoft.com and multiple other hosts.
MD5:
1ea0064c8e9db57972c7f20f534a2f80

SHA-1:
75ff551be8187dcf809a4aea2b1054364312b2fd

SHA-256:
3e5c1756cc6adbe99207495c61940da2dbba77be48ba646dd331744bb48cf2d8

Scanner detections:
18 / 68

Status:
Potentially unwanted

Explanation:
The program mines for Bitcoins in the background using the computer's GPU, and may be installed and run without the user's knowledge.

Analysis date:
10/17/2018 5:18:10 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Trojan/Win32.BitMiner | 2013.11.24 |
| avast! | Win32:Malware-gen | 2014.9-131219 |
| Bkav FE | W32.Clod192.Trojan | 1.3.0.4562 |
| Comodo Security | UnclassifiedMalware | 17326 |
| ESET NOD32 | Win32/BitCoinMiner.AL (variant) | 7.9087 |
| Fortinet FortiGate | Riskware/BitCoinMiner | 12/19/2013 |
| G Data | Win32.Trojan.Agent.PK1WBY | 13.12.22 |
| IKARUS anti.virus | not-a-virus:RiskTool.Win32.BitCoinMiner | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.174.10294 |
| Kaspersky | not-a-virus:RiskTool.Win32.BitCoinMiner | 14.0.0.4599 |
| Malwarebytes | PUP.BitCoinMiner | v2013.12.19.03 |
| McAfee | Artemis!1EA0064C8E9D | 5600.7277 |
| Norman | BitCoin.L | 11.20131219 |
| Reason Heuristics | Unnamed.Threat.14 | 14.3.1.17 |
| Sophos | Bitcoin Miner | 4.95 |
| Trend Micro House Call | TROJ_GEN.R0CBC0OJT13 | 7.2.353 |
| Trend Micro | TROJ_GEN.R0CBC0OJT13 | 10.465.19 |
| VIPRE Antivirus | Trojan.Win32.Generic | 23666 |

File size:
1.5 MB (1,597,189 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
10/1/2013 9:24:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:SHR0LIDR/aE85BxF9Gx+MNESM919m5ifldhhrxRVdWFschg0YN/eYpTzOFMnE:uRqIDR2sxb6mEdh5VZcLiTzOFME

Entry address:
0x4C36

Entry point:
55, 8B, EC, 83, EC, 44, 68, 0C, 60, 40, 00, 68, 00, 60, 40, 00, E8, 37, 00, 00, 00, 59, 59, 8D, 45, BC, 50, FF, 15, 88, 50, 40, 00, F6, 45, E8, 01, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, FF, 15, 84, 50, 40, 00, 50, 6A, 00, 6A, 00, FF, 15, 68, 50, 40, 00, 50, E8, 89, F3, FF, FF, 8B, E5, 5D, C3, 8B, 44, 24, 08, 53, 56, 8B, 74, 24, 0C, 33, DB, 2B, C6, 83, C0, 03, C1, E8, 02, 39, 74, 24, 10, 57, 1B, FF, F7, D7, 23, F8, 76, 15, 8B, 06, 85, C0, 74, 07, 83, F8, FF, 74, 02, FF, D0, 83, C6, 04, 43, 3B, DF...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
16 KB (16,384 bytes)

The file ufasoft_coin_0.75.exe has been seen being distributed by the following 2 URLs.
