» fuheabyq.exe
Overview
Analysis
File Details
Network (4)

fuheabyq.exe

The application fuheabyq.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. While running, it connects to the Internet address ks208500.kimsufi.com on port 3333.

File name:

fuheabyq.exe

MD5:

5edda06daff4fa213978a336d199869a

SHA-1:

ed18295fb8e2cdf9aa2b9fe347b11a6747320ca1

SHA-256:

048bc3f987decf4ba689b6503dec5935f9fce97a87b5cd517b03e9f55ee26329

Scanner detections:

11 / 68

Status:

Potentially unwanted

Explanation:

The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:

4/26/2024 8:53:27 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Win-Trojan/Agent.479232.EB

14.05.25

Avira AntiVirus

SPR/BitCoin.F

7.11.146.188

avast!

Win32:BitCoinMiner-FR [PUP]

2014.9-140525

Baidu Antivirus

Trojan.Win32.BitCoinMiner

4.0.3.14525

Comodo Security

UnclassifiedMalware

18196

ESET NOD32

Win32/BitCoinMiner (variant)

8.9746

IKARUS anti.virus

possible-Threat.BitCoin.F

t3scan.1.6.1.0

K7 AntiVirus

Trojan

13.177.11951

McAfee

Artemis!5EDDA06DAFF4

5600.7119

Sophos

Bitcoin Miner

4.98

VIPRE Antivirus

Trojan.Win32.Generic

28752

File size:

468 KB (479,232 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\fuheabyq.exe

File PE Metadata

Compilation timestamp:

2/20/2013 3:05:40 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

2.22

CTPH (ssdeep):

6144:MhdQ44RP6zzOISYFzhzwjv5fwtB3FTwZehc+jILHokMhUSrN9EObNx9mhW1T:Q2Rizzx8v5fgfcjHokMh7bLjT

Entry address:

0x1280

Entry point:

83, EC, 1C, C7, 04, 24, 01, 00, 00, 00, FF, 15, 9C, B6, 47, 00, E8, 6B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, 83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 9C, B6, 47, 00, E8, 4B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, D0, B6, 47, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, B4, B6, 47, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, B0, 45, 00, E8, 62, 4F, 05, 00, 52, 85, C0, 74, 65, C7, 44, 24, 04, 13, B0, 45, 00, 89... 
[+]

Code size:

352 KB (360,448 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:

Connects to ks208500.kimsufi.com (94.23.224.7:3333)

TCP:

Connects to v7.srv.eligius.st (107.170.221.41:8337)

TCP:

Connects to v5.srv.eligius.st (104.131.100.118:8337)

TCP:

Connects to lb-182-241.above.com (103.224.182.241:3000)

Remove fuheabyq.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.