vcreditx64.exe

The application vcreditx64.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. It is a malicious Bitcoin miner. Bitcoin-mining malware forces the infected computer to generate Bitcoins for the cybercriminals' benefit, consuming its computing power in the process. While running, it connects to the Internet address lb-182-231.above.com on port 4050.
MD5:
bef28d3b56b234c4010a50c09af029f9

SHA-1:
97d8a4277d504d3be77e1baccdce46ac692f929c

SHA-256:
98c25df7e3e35b3a16142563407695d82fa1340a16b1d67ebc8d370d8b570060

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
The program mines for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
5/18/2024 9:42:06 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.BitCoinMiner | 7.1.1
avast! | Win64:Malware-gen | 2014.9-160203
Baidu Antivirus | Hacktool.Win64.BitCoinMiner | 4.0.3.1623
ESET NOD32 | Win64/BitCoinMiner.Z potentially unsafe (variant) | 10.12804
Fortinet FortiGate | Riskware/BitCoinMiner | 2/3/2016
G Data | Win64.Application.Agent.GTOADL | 16.2.25
K7 AntiVirus | Unwanted-Program | 13.212.18299
Kaspersky | not-a-virus:RiskTool.Win64.BitCoinMiner | 14.0.0.717
Malwarebytes | RiskWare.BitCoinMiner | v2016.02.03.01
McAfee | Artemis!BEF28D3B56B2 | 5600.6500
Panda Antivirus | Trj/Chgt.O | 16.02.03.01
VIPRE Antivirus | Trojan.Win32.Generic | 46212
ViRobot | Adware.Bitcoinminer.1555380[h] | 2014.3.20.0

File size:
1.5 MB (1,555,380 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\roaming\vcreditx64.exe

File PE Metadata
OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
2.24

CTPH (ssdeep):
24576:LG4gBNCRN7wQnybqpXj1c0fKTCF0a6o/N8JsU3Aot+Ec0xMko6z5rJ9LU3:LG4NTrybqpXj1c0fKTyz6z5rJ9LU3

Entry address:
0x14D0

Entry point:
48, 83, EC, 28, C7, 05, A2, 0F, 0E, 00, 00, 00, 00, 00, E8, 5D, 39, 04, 00, E8, 98, FC, FF, FF, 90, 90, 48, 83, C4, 28, C3, 90, 48, 83, EC, 28, FF, 15, C6, 31, 0E, 00, 89, C0, 48, 83, C4, 28, C3, 66, 66, 66, 66, 66, 66, 2E, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 83, EC, 38, 48, 8D, 4C, 24, 20, FF, 15, D1, 31, 0E, 00, 48, 8B, 44, 24, 20, 48, 83, C4, 38, C3, 0F, 1F, 80, 00, 00, 00, 00, 48, 83, EC, 38, 48, 8D, 4C, 24, 20, FF, 15, B9, 31, 0E, 00, 48, 8B, 44, 24, 20, 48, 83, C4, 38, C3, 90, 90, 90, 90, 90, 90, 90...

Code size:
563 KB (576,512 bytes)

The executing file has been observed making the following network connection in live environments.

TCP:
Connects to lb-182-231.above.com  (103.224.182.231:4050)

Remove vcreditx64.exe - Powered by Reason Core Security