fuheabyq.exe

The application fuheabyq.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. While running, it connects to the Internet address ks208500.kimsufi.com on port 3333.
MD5:
5edda06daff4fa213978a336d199869a

SHA-1:
ed18295fb8e2cdf9aa2b9fe347b11a6747320ca1

SHA-256:
048bc3f987decf4ba689b6503dec5935f9fce97a87b5cd517b03e9f55ee26329

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
1/16/2022 11:39:11 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

AhnLab V3 Security
Win-Trojan/Agent.479232.EB
14.05.25

Avira AntiVirus
SPR/BitCoin.F
7.11.146.188

avast!
Win32:BitCoinMiner-FR [PUP]
2014.9-140525

Baidu Antivirus
Trojan.Win32.BitCoinMiner
4.0.3.14525

Comodo Security
UnclassifiedMalware
18196

ESET NOD32
Win32/BitCoinMiner (variant)
8.9746

IKARUS anti.virus
possible-Threat.BitCoin.F
t3scan.1.6.1.0

K7 AntiVirus
Trojan
13.177.11951

McAfee
Artemis!5EDDA06DAFF4
5600.7119

Sophos
Bitcoin Miner
4.98

VIPRE Antivirus
Trojan.Win32.Generic
28752

File size:
468 KB (479,232 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\fuheabyq.exe

File PE Metadata
Compilation timestamp:
2/20/2013 3:05:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.22

CTPH (ssdeep):
6144:MhdQ44RP6zzOISYFzhzwjv5fwtB3FTwZehc+jILHokMhUSrN9EObNx9mhW1T:Q2Rizzx8v5fgfcjHokMh7bLjT

Entry address:
0x1280

Entry point:
83, EC, 1C, C7, 04, 24, 01, 00, 00, 00, FF, 15, 9C, B6, 47, 00, E8, 6B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, 83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 9C, B6, 47, 00, E8, 4B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, D0, B6, 47, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, B4, B6, 47, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, B0, 45, 00, E8, 62, 4F, 05, 00, 52, 85, C0, 74, 65, C7, 44, 24, 04, 13, B0, 45, 00, 89...
 
[+]

Code size:
352 KB (360,448 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to ks208500.kimsufi.com  (94.23.224.7:3333)

TCP:
Connects to v7.srv.eligius.st  (107.170.221.41:8337)

TCP:
Connects to v5.srv.eligius.st  (104.131.100.118:8337)

TCP:
Connects to lb-182-241.above.com  (103.224.182.241:3000)

Remove fuheabyq.exe - Powered by Reason Core Security