SHA256: 746912c13ad00798c2649b6dea1e19eb4a3cea59520cfad39b855810cfc75dda
File name: minerd.exe
Detection ratio: 6 / 50
Analysis date: 2014-03-02 20:27:42 UTC ( 5 years, 2 months ago )
Antivirus Result Update
Avast Win32:BitCoinMiner-FA [PUP] 20140302
ESET-NOD32 a variant of Win32/BitCoinMiner.W 20140302
Kaspersky not-a-virus:HEUR:RiskTool.Win32.BitCoinMiner.heur 20140302
Malwarebytes Trojan.Agent.BCM 20140302
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J!89 20140302
Qihoo-360 Win32/Virus.RiskTool.749 20140302
Ad-Aware 20140302
Yandex 20140228
AhnLab-V3 20140302
AntiVir 20140302
Antiy-AVL 20140302
AVG 20140302
Baidu-International 20140302
BitDefender 20140302
Bkav 20140228
ByteHero 20140302
CAT-QuickHeal 20140302
ClamAV 20140301
CMC 20140228
Commtouch 20140302
Comodo 20140302
DrWeb 20140302
Emsisoft 20140302
F-Prot 20140302
F-Secure 20140302
Fortinet 20140302
GData 20140302
Ikarus 20140302
Jiangmin 20140302
K7AntiVirus 20140301
K7GW 20140301
Kingsoft 20140302
McAfee 20140302
Microsoft 20140302
eScan 20140302
NANO-Antivirus 20140302
Norman 20140302
nProtect 20140302
Panda 20140302
Rising 20140302
Sophos AV 20140302
SUPERAntiSpyware 20140302
Symantec 20140302
TheHacker 20140228
TotalDefense 20140302
TrendMicro 20140302
TrendMicro-HouseCall 20140302
VBA32 20140228
VIPRE 20140302
ViRobot 20140302
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-01 23:36:03
Entry Point 0x00001570
Number of sections 8
PE sections
Overlays
MD5 ec2ee17380374b4cfa0d7eadc17519cf
File type ASCII text
Offset 179200
Size 14
Entropy 3.09
PE imports
GetLastError
GetStdHandle
EnterCriticalSection
GetSystemInfo
PurgeComm
ExitProcess
SetConsoleTextAttribute
VirtualProtect
DeleteCriticalSection
SetThreadPriority
MultiByteToWideChar
GetCommandLineA
GetProcAddress
GetCurrentThread
IsDBCSLeadByteEx
WideCharToMultiByte
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
SetCommTimeouts
SetCommConfig
InitializeCriticalSection
VirtualQuery
TlsGetValue
Sleep
CreateFileA
LeaveCriticalSection
curl_global_init
curl_easy_init
curl_easy_reset
curl_slist_free_all
curl_slist_append
curl_easy_setopt
curl_version
curl_easy_perform
curl_easy_cleanup
__p__fmode
malloc
_stricoll
__p__environ
fgetc
realloc
memset
fclose
_time64
_open_osfhandle
atexit
abort
_setmode
strlen
_assert
fflush
fopen
feof
strncpy
wcslen
_cexit
fputc
strtol
signal
_errno
strtod
fwrite
setlocale
qsort
_onexit
_findclose
_strdup
memcmp
exit
mbstowcs
isspace
_close
strchr
tolower
_isctype
_fullpath
strrchr
_pctype
free
getenv
atoi
vfprintf
__getmainargs
calloc
_write
_stricmp
strcoll
memcpy
wcstombs
strstr
memmove
_read
strtok
_findnext
strerror
strcmp
_findfirst
strcpy
_localtime64
__mb_cur_max
_strnicmp
fprintf
__set_app_type
localeconv
memchr
_iob
pthread_mutex_lock
pthread_mutex_unlock
pthread_mutex_destroy
pthread_mutex_init
pthread_cond_wait
pthread_cond_signal
pthread_cond_destroy
pthread_join
pthread_create
pthread_cond_timedwait
pthread_cond_init
socket
bind
inet_addr
send
recvfrom
select
WSAGetLastError
sendto
htons
recv
WSAIoctl
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:03:02 00:36:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 144896
LinkerVersion 2.23
EntryPoint 0x1570
InitializedDataSize 178176
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 3584
File identification
MD5 b614454e0bbb0ffd766f1a6393ba164c
SHA1 954a39164bf4e57d7df3b77bfeafb15bb8e9d778
SHA256 746912c13ad00798c2649b6dea1e19eb4a3cea59520cfad39b855810cfc75dda
ssdeep 3072:H6w4wGdnXbk3JI0BsdD/LFcGyK7cHDt+NQmhuj4xCvTeZWt:adwuiI0kDLFcZJjMNQmc9im
authentihash a58ae772fabe20a18c55512c6be01b046d3745a008465937450b407a002adda2
imphash 49bfdc7dbe94e6c3255649d961d8d533
File size 175.0 KB ( 179214 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2014-03-02 20:27:42 UTC ( 5 years, 2 months ago )
Last submission 2018-05-26 17:55:44 UTC ( 12 months ago )
File names minerd.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0EB715.

Symantec reputation Suspicious.Insight