ufasoft_coin_0.92.exe

The application ufasoft_coin_0.92.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. This is a setup program which is used to install the application. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. The file has been seen being downloaded from ufasoft.com and multiple other hosts.
MD5:
534dedcd4bf755b3ee6920feb22a44f0

SHA-1:
9ccd4d7bea4356ffab4cdae457707dac16b2a218

SHA-256:
7f98ee7b1edcfa137a5ce4f856a79cb05c4556dd0f6c7a115dbc47e999a444fb

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
4/27/2024 12:09:27 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.BitCoinMiner | 7.1.1
AhnLab V3 Security | PUP/Win32.Miner | 2014.06.17
avast! | Win32:Malware-gen | 2014.9-140617
Baidu Antivirus | Hacktool.Win32.BitCoinMiner | 4.0.3.14617
Dr.Web | Tool.BtcMine.254 | 9.0.1.0168
ESET NOD32 | MSIL/BitCoinMiner (variant) | 8.9956
Fortinet FortiGate | Riskware/Win64_BitCoinMiner | 6/17/2014
K7 AntiVirus | Trojan | 13.1712422
Kaspersky | not-a-virus:RiskTool.Win64.BitCoinMiner | 14.0.0.3699
Malwarebytes | PUP.BitCoinMiner | v2014.06.17.02
McAfee | Artemis!534DEDCD4BF7 | 5600.7097
Quick Heal | RiskTool.Win64.g4 (Not a Virus) | 6.14.14.00
Sophos | Bitcoin Miner | 4.98
Trend Micro House Call | TROJ_GEN.R00GH07E614 | 7.2.168

File size:
3.2 MB (3,376,774 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ufasoft_coin_0.92.exe

File PE Metadata
Compilation timestamp:
10/1/2013 8:24:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:S9fAmX3eZjtWCVGoPxiq/NIdlZxvqPzIjsrMH:Sft0WYfP9Gjl0zIgrMH

Entry address:
0x4C36

Entry point:
55, 8B, EC, 83, EC, 44, 68, 0C, 60, 40, 00, 68, 00, 60, 40, 00, E8, 37, 00, 00, 00, 59, 59, 8D, 45, BC, 50, FF, 15, 88, 50, 40, 00, F6, 45, E8, 01, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, FF, 15, 84, 50, 40, 00, 50, 6A, 00, 6A, 00, FF, 15, 68, 50, 40, 00, 50, E8, 89, F3, FF, FF, 8B, E5, 5D, C3, 8B, 44, 24, 08, 53, 56, 8B, 74, 24, 0C, 33, DB, 2B, C6, 83, C0, 03, C1, E8, 02, 39, 74, 24, 10, 57, 1B, FF, F7, D7, 23, F8, 76, 15, 8B, 06, 85, C0, 74, 07, 83, F8, FF, 74, 02, FF, D0, 83, C6, 04, 43, 3B, DF...
 
Developed / compiled with:
Microsoft Visual C++

Code size:
16 KB (16,384 bytes)

The file ufasoft_coin_0.92.exe has been seen being distributed by the following 2 URLs.
