» WindowsFormsApplication3.exe
Overview
Analysis
File Details

WindowsFormsApplication3.exe

WindowsFormsApplication3

gstu

The file WindowsFormsApplication3.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power.

File name:

Publisher:

gstu

Product:

WindowsFormsApplication3

Version:

1.0.0.0

MD5:

c0e9cb2fd7bcbd6856cfabdd3df29d8f

SHA-1:

8ba2a97ae103ed793356d164f98f6f89e55eeb74

SHA-256:

52e8079c0377cfe70083e5e554d17e344f2f675e58c3bfd340a02b6017110b49

Scanner detections:

27 / 68

Status:

Potentially unwanted

Explanation:

The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:

5/2/2024 9:44:45 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.BitcoinMiner.DD

-40

Agnitum Outpost

Riskware.BitCoinMiner

7.1.1

AhnLab V3 Security

Trojan/Win32.BitCoinMiner

2015.04.10

Avira AntiVirus

TR/Rogue.10255329

3.6.1.96

avast!

Win32:Miner-B [PUP]

2014.9-170315

AVG

CoinMiner

2018.0.2438

Baidu Antivirus

Hacktool.Win32.BitCoinMiner

4.0.3.17315

Bitdefender

Application.BitcoinMiner.DD

1.0.20.370

Comodo Security

UnclassifiedMalware

21715

Dr.Web

Trojan.DownLoader11.40019

9.0.1.074

ESET NOD32

MSIL/CoinMiner.IB (variant)

11.11454

Fortinet FortiGate

Riskware/BitCoinMiner

3/15/2017

F-Secure

Application.BitcoinMiner.DD

11.2017-15-03_4

G Data

Application.BitcoinMiner.DD

17.3.25

K7 AntiVirus

Trojan

13.202.15552

Kaspersky

Trojan.Win64.BitMin

14.0.0.-1314

Malwarebytes

Trojan.Agent.MNR

v2017.03.15.07

McAfee

Artemis!C0E9CB2FD7BC

5600.6094

MicroWorld eScan

Application.BitcoinMiner.DD

18.0.0.222

NANO AntiVirus

Riskware.Win32.BitCoinMiner.ctpgjh

0.30.10.952

Norman

Suspicious_Gen4.FTXQH

11.20170315

nProtect

Trojan/W32.KRBitcoinminer.3799040

15.04.10.01

Reason Heuristics

PUP.Bundler (M)

17.3.15.19

Sophos

Generic PUA IL

4.98

Trend Micro House Call

TROJ_SPNR.0BBP14

7.2.74

Trend Micro

TROJ_SPNR.0BBP14

10.465.15

VIPRE Antivirus

RiskTool.Win32.BitCoinMiner (not malicious)

39216

File size:

3.6 MB (3,799,040 bytes)

Product version:

1.0.0.0

Original file name:

WindowsFormsApplication3.exe

Language:

Neovisno o jeziku

Common path:

C:\users\{user}\appdata\local\temp\awhd03f.tmp

File PE Metadata

Compilation timestamp:

1/10/2014 4:41:00 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

Entry address:

0x3A0CFE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

3.6 MB (3,796,480 bytes)

Remove WindowsFormsApplication3.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.