SHA256: 7086cdacffd13e7958878667d4f432dec0a13fae900b798a6236a3be00b390f2
File name: hodlminer.exe
Detection ratio: 1 / 54
Analysis date: 2016-08-02 12:05:37 UTC ( 2 years, 8 months ago )
Antivirus Result Update
ESET-NOD32 a variant of Win64/BitCoinMiner.U potentially unsafe 20160802
Ad-Aware 20160802
AegisLab 20160801
AhnLab-V3 20160802
Alibaba 20160802
ALYac 20160802
Antiy-AVL 20160802
Arcabit 20160802
Avast 20160802
AVG 20160802
Avira (no cloud) 20160802
AVware 20160802
Baidu 20160802
BitDefender 20160802
Bkav 20160802
CAT-QuickHeal 20160802
ClamAV 20160802
CMC 20160801
Comodo 20160802
Cyren 20160802
DrWeb 20160802
Emsisoft 20160802
F-Prot 20160802
F-Secure 20160802
Fortinet 20160802
GData 20160802
Ikarus 20160802
Jiangmin 20160802
K7AntiVirus 20160802
K7GW 20160802
Kaspersky 20160802
Kingsoft 20160802
Malwarebytes 20160802
McAfee 20160802
McAfee-GW-Edition 20160802
Microsoft 20160802
eScan 20160802
NANO-Antivirus 20160802
nProtect 20160802
Panda 20160802
Qihoo-360 20160802
Sophos AV 20160802
SUPERAntiSpyware 20160802
Symantec 20160802
Tencent 20160802
TheHacker 20160802
TrendMicro 20160802
TrendMicro-HouseCall 20160802
VBA32 20160802
VIPRE 20160802
ViRobot 20160802
Yandex 20160802
Zillya 20160802
Zoner 20160802
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2031-05-08 18:06:26
Entry Point 0x00001500
Number of sections 10
PE sections
PE imports
CryptReleaseContext
CryptAcquireContextA
CryptGetHashParam
CryptGenRandom
CryptHashData
CryptDestroyHash
CryptCreateHash
CertFreeCertificateContext
PeekNamedPipe
GetLastError
GetStdHandle
EnterCriticalSection
VerifyVersionInfoA
GetSystemInfo
SetThreadContext
GetModuleFileNameW
TryEnterCriticalSection
ResumeThread
FreeLibrary
QueryPerformanceCounter
WaitForSingleObject
GetTickCount
TlsAlloc
GetHandleInformation
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
DeleteCriticalSection
GetCurrentProcess
SetThreadPriority
GetCurrentProcessId
ReleaseSemaphore
RtlVirtualUnwind
UnhandledExceptionFilter
VirtualProtect
SetProcessAffinityMask
GetProcAddress
GetThreadContext
GetCurrentThread
SuspendThread
RtlAddFunctionTable
CreateSemaphoreA
GetModuleHandleA
ReadFile
FormatMessageA
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
GetStartupInfoA
RtlCaptureContext
CloseHandle
GetSystemTimeAsFileTime
DuplicateHandle
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetThreadPriority
SetEvent
TerminateProcess
GetProcessAffinityMask
GetTimeZoneInformation
ResetEvent
InitializeCriticalSection
VirtualQuery
CreateEventA
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetCurrentThreadId
SleepEx
SetLastError
LeaveCriticalSection
MessageBoxW
ldap_get_dn
ldap_first_entry
ldap_next_entry
ldap_unbind_s
ldap_value_free_len
ldap_err2string
ldap_msgfree
ldap_get_values_len
ldap_first_attribute
ldap_memfree
ldap_search_s
ber_free
ldap_set_option
ldap_simple_bind_s
ldap_init
ldap_next_attribute
ldap_sslinit
getaddrinfo
htonl
accept
ioctlsocket
WSAStartup
freeaddrinfo
connect
getsockname
htons
getpeername
WSAGetLastError
gethostname
getsockopt
recv
ntohl
send
ntohs
select
listen
__WSAFDIsSet
WSACleanup
WSASetLastError
closesocket
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
__lconv_init
_lock
fclose
_time64
_snwprintf
strtoul
fflush
_fmode
strtol
fputc
strtok
fwrite
_fstat64
_setjmp
_close
_write
memcpy
strstr
memmove
signal
strcmp
memchr
strncmp
fgetc
memset
strcat
_stricmp
fgets
wcscpy
strchr
clock
isxdigit
ftell
exit
sprintf
strrchr
mbstowcs
_acmdln
free
__getmainargs
__C_specific_handler
_lseeki64
_vsnprintf
puts
_read
strcpy
islower
_initterm
isupper
rand
setlocale
realloc
__dllonexit
calloc
isprint
printf
fopen
strncpy
_cexit
raise
isalnum
_sys_nerr
qsort
_open
_onexit
isalpha
memcmp
__setusermatherr
_gmtime64
getenv
atoi
vfprintf
localeconv
strerror
isspace
_beginthreadex
_localtime64
_strnicmp
malloc
sscanf
fread
abort
fprintf
feof
_endthreadex
_amsg_exit
_errno
strlen
fseek
__initenv
_strdup
longjmp
tolower
_unlock
strpbrk
isgraph
fwprintf
_exit
__argv
wcstombs
__iob_func
_stat64
__set_app_type
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
FileTypeExtension exe
TimeStamp 2031:05:08 19:06:26+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 441856
LinkerVersion 2.25
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Large address aware, No debug
EntryPoint 0x1500
InitializedDataSize 110592
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 7680

Compressed bundles
File identification
MD5 f88740aa122f140c6efd49fc1707e2a1
SHA1 2c9168ed805c61047cd553ecd05b1373210aff52
SHA256 7086cdacffd13e7958878667d4f432dec0a13fae900b798a6236a3be00b390f2
ssdeep 12288:kR/JaR/+UYzKNxQeqA3IHyto0Ulfa+5/bMGZ7+1ahyiI:waR2FzAxQeqA3ISCdfa6YYNI
authentihash e2052aacffd3691e57b05272f9ef96df07f86dd701f5f974c8261adafed27e91
imphash 57d69da0a1c5d86b15d365d3efcf5e0c
File size 540.5 KB ( 553472 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (console) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
VXD Driver (0.0%)
Tags 64bits peexe assembly

VirusTotal metadata
First submission 2016-08-02 12:05:37 UTC ( 2 years, 8 months ago )
Last submission 2018-10-18 16:59:49 UTC ( 6 months ago )
File names TeamViewer.exe
hodlminer.exe
hodlminer_SUPER.exe
hodlminer.exe
hodlminer-avx.exe
hodlminer.exe
svchost.exe
svchost.exe
services.exe
AviraCheck.exe
flareFile
svchost.exe
hodlminer.exe