SHA256: 8f9e81a06d34b60da3a5a40c98101c76f3f07020f312025102e348fd28ee9b55
File name: bfgminer-rpc.exe
Detection ratio: 35 / 56
Analysis date: 2016-08-14 16:25:49 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.17436243 20160814
AegisLab Troj.Bitcoinminer.Ojgz!c 20160814
ALYac Trojan.Generic.17436243 20160814
Antiy-AVL Trojan/Win32.TSGeneric 20160814
Arcabit Trojan.Generic.D10A0E53 20160814
Avast Win32:Malware-gen 20160814
Avira (no cloud) TR/BitCoinMiner.ojgz 20160814
AVware Trojan.Win32.Generic!BT 20160814
BitDefender Trojan.Generic.17436243 20160814
Bkav W32.Clod4d1.Trojan.be88 20160813
Cyren W32/Trojan.EMWN-4939 20160814
DrWeb Tool.BtcMine.577 20160814
Emsisoft Trojan.Generic.17436243 (B) 20160814
ESET-NOD32 a variant of Win32/BitCoinMiner.AN potentially unsafe 20160814
F-Secure Trojan.Generic.17436243 20160814
Fortinet Riskware/BitCoinMiner 20160814
GData Trojan.Generic.17436243 20160814
Ikarus Trojan.Win32.Llac 20160814
K7AntiVirus Unwanted-Program ( 004c51291 ) 20160814
K7GW Unwanted-Program ( 004c51291 ) 20160814
Malwarebytes PUP.Optional.BitCoinMiner 20160814
McAfee RDN/Generic PUP.x 20160814
McAfee-GW-Edition RDN/Generic PUP.x 20160814
eScan Trojan.Generic.17436243 20160814
NANO-Antivirus Riskware.Win32.BtcMine.dsrfzm 20160814
nProtect Trojan.Generic.17436243 20160812
Panda Trj/GdSda.A 20160814
Rising PUA.BitCoinMiner!8.471-UrhNc8arDxL (Cloud) 20160814
Sophos AV Bitcoin Miner (PUA) 20160814
Symantec Trojan.Gen.2 20160814
TrendMicro TROJ_GEN.R00XC0ODD16 20160814
TrendMicro-HouseCall TROJ_GEN.R00XC0ODD16 20160814
VIPRE Trojan.Win32.Generic!BT 20160814
ViRobot Trojan.Win32.Z.Bitcoinminer.75792[h] 20160814
Yandex Riskware.Agent! 20160813
AhnLab-V3 20160814
Alibaba 20160812
AVG 20160814
Baidu 20160813
CAT-QuickHeal 20160813
ClamAV 20160814
CMC 20160811
Comodo 20160814
F-Prot 20160814
Jiangmin 20160814
Kaspersky 20160814
Kingsoft 20160814
Microsoft 20160814
Qihoo-360 20160814
SUPERAntiSpyware 20160814
Tencent 20160814
TheHacker 20160814
TotalDefense 20160814
VBA32 20160812
Zillya 20160814
Zoner 20160814
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-26 06:56:35
Entry Point 0x000012A0
Number of sections 15
PE sections
Overlays
MD5 6224900da68315cc6bd541130adcf616
File type data
Offset 51200
Size 24592
Entropy 3.94
PE imports
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
WideCharToMultiByte
GetModuleHandleA
GetLastError
VirtualQuery
InterlockedExchange
SetUnhandledExceptionFilter
IsDBCSLeadByteEx
ExitProcess
VirtualProtect
MultiByteToWideChar
GetProcAddress
Sleep
LeaveCriticalSection
socket
recv
send
WSAStartup
gethostbyname
connect
htons
closesocket
WSAGetLastError
__p__fmode
malloc
__p__environ
realloc
memset
atexit
abort
_setmode
_assert
strlen
_cexit
fputc
puts
_errno
fwrite
setlocale
_onexit
wcslen
isspace
strchr
free
getenv
atoi
vfprintf
__getmainargs
calloc
memcpy
localeconv
strcmp
__mb_cur_max
__set_app_type
signal
_iob
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:03:26 06:56:35+00:00
FileType Win32 EXE
PEType PE32
CodeSize 25600
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 32256
ImageFileCharacteristics No relocs, Executable, No line numbers, 32-bit
EntryPoint 0x12a0
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 4096

File identification
MD5 1a80e3c1fc90c96742d5117e7af8ce34
SHA1 f48b8879d4e9ea2b754d3b86616fac3ddc3a2128
SHA256 8f9e81a06d34b60da3a5a40c98101c76f3f07020f312025102e348fd28ee9b55
ssdeep 768:bIPgF0K43axvBZ2bVsv/lurxyV2+Ru+tjL76Zp0iMxSeZXJBrSy4UBssmdncOK0l:zFf4Jqt7Op0t5XSy4U1m5pK0w4Sz/7y

authentihash 07f1ee82c48d37caa47ed345195acfbfe5cc088f3b7f13aa67febd5666999b28
imphash b012787c95d2b4e9c12501802290238f
File size 74.0 KB ( 75792 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-03-31 07:01:07 UTC ( 2 years, 10 months ago )
Last submission 2018-05-25 17:56:24 UTC ( 9 months ago )
File names bfgminer-rpc.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications