SHA256: 8148f04a49eddf47919b760cdd415f11864c6b6f9e287a8555ad9a679da1d2e9
File name: MinerConfig.exe
Detection ratio: 26 / 53
Analysis date: 2015-10-15 17:33:30 UTC ( 3 years ago )
Antivirus | Result | Update
Avast | Win32:Malware-gen | 20151014
AVG | Generic36.BWXI | 20151015
AVware | Trojan.Win32.Generic!BT | 20151015
Baidu-International | Hacktool.Win32.CMDOW.A | 20151015
BitDefender | Gen:Variant.Strictor.88264 | 20151015
Bkav | W32.SalideD.Trojan | 20151015
ClamAV | Win.Trojan.Agent-730108 | 20151015
Cyren | W32/Trojan.FUCK-5560 | 20151015
Emsisoft | Gen:Variant.Strictor.88264 (B) | 20151015
ESET-NOD32 | a variant of Win32/CMDOW.A potentially unsafe | 20151015
F-Prot | W32/Trojan2.OIOK | 20151015
F-Secure | Gen:Variant.Strictor.88264 | 20151015
Fortinet | Riskware/CMDOW | 20151015
GData | Gen:Variant.Strictor.88264 | 20151015
K7AntiVirus | Unwanted-Program ( 004c40221 ) | 20151015
K7GW | Unwanted-Program ( 004c40221 ) | 20151015
Kaspersky | UDS:DangerousObject.Multi.Generic | 20151015
McAfee | Artemis!6A756D6C49E0 | 20151015
McAfee-GW-Edition | BehavesLike.Win32.Expiro.hc | 20151015
eScan | Gen:Variant.Strictor.88264 | 20151015
NANO-Antivirus | Trojan.Win32.FUCK5560.dpgbde | 20151015
Panda | Trj/Dtcontx.I | 20151015
Rising | PE:Malware.RDM.00!5.6[F1] | 20151014
Symantec | Suspicious.Cloud.9 | 20151014
VBA32 | Trojan.BAT.BitCoinMiner | 20151014
VIPRE | Trojan.Win32.Generic!BT | 20151015
AegisLab | (no detection) | 20151015
Yandex | (no detection) | 20151014
AhnLab-V3 | (no detection) | 20151015
Alibaba | (no detection) | 20151015
Antiy-AVL | (no detection) | 20151015
Arcabit | (no detection) | 20151015
ByteHero | (no detection) | 20151015
CAT-QuickHeal | (no detection) | 20151015
CMC | (no detection) | 20151014
Comodo | (no detection) | 20151015
DrWeb | (no detection) | 20151015
Ikarus | (no detection) | 20151015
Jiangmin | (no detection) | 20151014
Kingsoft | (no detection) | 20151015
Malwarebytes | (no detection) | 20151015
Microsoft | (no detection) | 20151015
nProtect | (no detection) | 20151015
Sophos AV | (no detection) | 20151015
SUPERAntiSpyware | (no detection) | 20151015
Tencent | (no detection) | 20151015
TheHacker | (no detection) | 20151012
TotalDefense | (no detection) | 20151015
TrendMicro | (no detection) | 20151015
TrendMicro-HouseCall | (no detection) | 20151015
ViRobot | (no detection) | 20151015
Zillya | (no detection) | 20151015
Zoner | (no detection) | 20151015
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright April 2015
Publisher Spexx
Product Spexx XMG Magi Miner Configuration
File version 1.0.0.0
Description XMG Magi Miner Configuration
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-26 19:39:54
Entry Point 0x00005FE4
Number of sections 4
PE sections
Overlays
MD5 f1b9a5df797844d74ae9bb646cd39da0
File type data
Offset 163840
Size 430461
Entropy 7.71
PE imports
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
WaitForSingleObject
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
HeapAlloc
GetCurrentProcess
GetEnvironmentStrings
CreateDirectoryA
DeleteFileA
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetStdHandle
GetModuleHandleA
GetTempPathA
WideCharToMultiByte
GetStringTypeA
SetFilePointer
ReadFile
WriteFile
GetStartupInfoA
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
HeapCreate
VirtualFree
Sleep
GetFileType
SetEndOfFile
CreateFileA
GetTickCount
GetVersion
VirtualAlloc
ShellExecuteExA
timeGetTime
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 114688
EntryPoint 0x5fe4
MIMEType application/octet-stream
LegalCopyright April 2015
FileVersion 1.0.0.0
TimeStamp 2013:02:26 20:39:54+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
FileDescription XMG Magi Miner Configuration
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Spexx
CodeSize 45056
ProductName Spexx XMG Magi Miner Configuration
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 6a756d6c49e02c57ff77758fcc2e1497
SHA1 a4f5ae6d0541e794ff1175d850f8fbe495978108
SHA256 8148f04a49eddf47919b760cdd415f11864c6b6f9e287a8555ad9a679da1d2e9
ssdeep 6144:O4YJHJ1GakfsoPqgQSEXPf5qUiJ4p1peg+TmEqEuIcgX2X7jk6S62uNm3:O4YJHJ1KZQSEBwT9cgX4a3
authentihash ed368fdc015ab46971220a5dce075ea5d64f1d3303bcfa9b90c61b04acdba632
imphash a04f32913d3ef18e07d2c1e3f373c264
File size 580.4 KB ( 594301 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe, overlay
VirusTotal metadata
First submission 2015-06-08 04:42:30 UTC ( 3 years, 4 months ago )
Last submission 2015-06-08 04:42:30 UTC ( 3 years, 4 months ago )
File names MinerConfig.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R01TB01IM15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.