SHA256: fc21aa025de72e60dcde2f013d67dd1a84c8bc5b7be8005d5616ca410fc7abd6
File name: wuaxctl.exe
Detection ratio: 24 / 47
Analysis date: 2013-07-03 15:11:07 UTC (4 years ago)
Antivirus Result Update
Yandex RiskTool.BitCoinMiner!uUXPnMFpQpg 20130703
Antiy-AVL RiskTool/Win32.BitCoinMiner 20130702
BitDefender Application.BitCoinMiner.AS 20130701
CAT-QuickHeal RiskTool.BitCoinMiner.crf (Not a Virus) 20130703
Commtouch W32/Trojan.OBSI-7323 20130703
Comodo UnclassifiedMalware 20130703
DrWeb Trojan.BtcMine.102 20130703
Emsisoft Trojan.Win32.CoinMiner (A) 20130703
ESET-NOD32 a variant of Win32/BitCoinMiner.D 20130703
F-Secure Application.BitCoinMiner.AS 20130703
Fortinet W32/BitCoinMiner.N 20130703
GData Application.BitCoinMiner.AS 20130703
Ikarus not-a-virus:BitCoinMiner 20130703
Kaspersky not-a-virus:RiskTool.Win32.BitCoinMiner.crf 20130703
Kingsoft Win32.Troj.Generic.a.(kcloud) 20130506
Malwarebytes Trojan.BitcoinMiner 20130703
McAfee Artemis!A29094FF4DC2 20130703
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J!89 20130703
Norman Suspicious_Gen5.WDRC 20130703
Panda Trj/CI.A 20130703
Sophos AV Generic PUA BM 20130703
TrendMicro TROJ_SPNR.0BEJ13 20130703
TrendMicro-HouseCall TROJ_SPNR.0BEJ13 20130703
VIPRE Trojan.Win32.Generic!BT 20130703
AhnLab-V3 20130703
AntiVir 20130703
Avast 20130703
AVG 20130703
ByteHero 20130613
ClamAV 20130702
eSafe 20130703
F-Prot 20130703
Jiangmin 20130703
K7AntiVirus 20130703
K7GW 20130703
Microsoft 20130703
eScan 20130702
NANO-Antivirus 20130703
nProtect 20130703
PCTools 20130703
Rising 20130703
SUPERAntiSpyware 20130703
Symantec 20130703
TheHacker 20130703
TotalDefense 20130703
VBA32 20130702
ViRobot 20130703
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-04-24 14:25:00
Entry Point 0x0000126C
Number of sections 8
PE sections
Overlays
MD5 ec2ee17380374b4cfa0d7eadc17519cf
File type ASCII text
Offset 544768
Size 14
Entropy 3.09
PE imports
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetLastError
GetStdHandle
FlushConsoleInputBuffer
GetConsoleOutputCP
ReleaseMutex
UnmapViewOfFile
SetThreadContext
GetCommModemStatus
SetEvent
GetLargestConsoleWindowSize
FreeLibrary
VirtualProtect
GetNumberOfConsoleInputEvents
ExitProcess
ReadConsoleInputW
TlsAlloc
SetConsoleCursorPosition
LoadLibraryA
VirtualQuery
SetConsoleScreenBufferSize
DeleteCriticalSection
GetCurrentProcess
EnterCriticalSection
GetConsoleMode
SetCommTimeouts
GetCurrentProcessId
ReleaseSemaphore
OpenProcess
GetConsoleCursorInfo
GetConsoleTitleW
WriteConsoleOutputW
SetConsoleTitleW
TlsGetValue
MultiByteToWideChar
SetConsoleCursorInfo
GetProcAddress
GetConsoleScreenBufferInfo
GetThreadContext
GetCurrentThread
CreateFileMappingW
CreateMutexA
IsDBCSLeadByteEx
SetConsoleActiveScreenBuffer
InterlockedExchangeAdd
CreateSemaphoreA
WideCharToMultiByte
MapViewOfFile
TlsFree
GetModuleHandleA
ResumeThread
PeekConsoleInputW
InterlockedExchange
SetUnhandledExceptionFilter
TlsSetValue
CloseHandle
GetSystemTimeAsFileTime
SetCommConfig
DuplicateHandle
WaitForMultipleObjects
GetVersion
GetThreadPriority
PurgeComm
SuspendThread
GetProcessAffinityMask
ResetEvent
ReadConsoleOutputW
InitializeCriticalSection
SetConsoleMode
WaitForSingleObject
SetConsoleWindowInfo
CreateEventA
InterlockedDecrement
Sleep
GetFileType
SetThreadPriority
CreateFileA
GetTickCount
GetCurrentThreadId
SleepEx
SetLastError
LeaveCriticalSection
clGetDeviceIDs
clReleaseKernel
clReleaseContext
clCreateCommandQueue
clGetPlatformIDs
clBuildProgram
clCreateContextFromType
clGetDeviceInfo
clEnqueueNDRangeKernel
clReleaseProgram
clCreateProgramWithSource
clSetKernelArg
clCreateKernel
clReleaseCommandQueue
clGetProgramInfo
clGetPlatformInfo
clEnqueueReadBuffer
clEnqueueWriteBuffer
clFinish
clCreateBuffer
clGetProgramBuildInfo
clCreateProgramWithBinary
GetWindowThreadProcessId
SendMessageW
FindWindowW
MapVirtualKeyW
wsprintfW
MessageBeep
GetKeyState
timeEndPeriod
timeBeginPeriod
recv
htonl
socket
bind
send
inet_addr
accept
select
shutdown
inet_ntoa
htons
closesocket
WSAGetLastError
listen
curl_global_init
curl_easy_init
curl_easy_reset
curl_slist_free_all
curl_global_cleanup
curl_easy_setopt
curl_slist_append
curl_easy_perform
curl_easy_getinfo
curl_easy_cleanup
libusb_get_device_list@8
libusb_set_configuration@8
libusb_close@4
libusb_free_config_descriptor@4
libusb_bulk_transfer@24
libusb_get_string_descriptor_ascii@16
libusb_exit@4
libusb_get_bus_number@4
libusb_get_active_config_descriptor@8
libusb_control_transfer@32
libusb_get_device_descriptor@8
libusb_open@8
libusb_kernel_driver_active@8
libusb_release_interface@8
libusb_get_device_address@4
libusb_free_device_list@8
libusb_claim_interface@8
libusb_set_debug@8
libusb_init@4
__p__fmode
__p__environ
fclose
fflush
strtol
fputc
_execv
strtok
strtod
ldiv
_setjmp
_close
_isatty
perror
_write
memcpy
strstr
memmove
signal
strcmp
memchr
strncmp
_assert
fgetc
memset
strcat
_stricmp
atexit
_setmode
strchr
ftell
exit
sprintf
strrchr
mbstowcs
strcspn
free
__getmainargs
_stat
_read
strcpy
fwrite
_ftime
_iob
toupper
setlocale
realloc
_open_osfhandle
_access
fopen
strncpy
_cexit
raise
qsort
_onexit
wcslen
memcmp
log10
_isctype
_pctype
getenv
atoi
vfprintf
atof
localeconv
strerror
_beginthreadex
_strnicmp
localtime
malloc
sscanf
fread
abort
fprintf
strlen
_endthreadex
strncat
_fdopen
_errno
fseek
_get_osfhandle
_strdup
rewind
longjmp
tolower
__mb_cur_max
calloc
wcstombs
floor
time
__set_app_type
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2013:04:24 15:25:00+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
403968

LinkerVersion
2.22

EntryPoint
0x126c

InitializedDataSize
543744

SubsystemVersion
4.0

ImageVersion
1.0

OSVersion
4.0

UninitializedDataSize
28160

File identification
MD5 a29094ff4dc2c90bc5b652d2f5916ea3
SHA1 1cc3a4a8091c27d233f56fd498e7b2b5ac8f3a81
SHA256 fc21aa025de72e60dcde2f013d67dd1a84c8bc5b7be8005d5616ca410fc7abd6
ssdeep
12288:GIkoCv02gDrPeOoxgmcujPVii9TT4RdIxd3LMM9n:GH83PPe7xgmceiiaRdIxd7MM9n

authentihash 66c13aab819c7ea59e84ffd775c3acca1c7cf0e4a3e65cd6a3237d0321f6c52f
imphash c77615c774ddb07e01735d0b35d9a1d2
File size 532.0 KB ( 544782 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2013-04-25 00:52:04 UTC ( 4 years, 2 months ago )
Last submission 2016-01-13 13:09:04 UTC ( 1 year, 6 months ago )
File names cgminer.exe
malekal_a29094ff4dc2c90bc5b652d2f5916ea3
sidebar.exe
cgminer.exe
a29094ff4dc2c90bc5b652d2f5916ea3.exe
file-5420439_exe
dwm.exe
C__Documents and Settings_Owner_Local Settings_Temp_iswizard_dwm.exe
wuaxctl.exe
1cc3a4a8091c27d233f56fd498e7b2b5ac8f3a81
123sfd.exe
vti-rescan
dwma.exe
svchost.exe
DWM.EXE
cgminer2.exe
dwm.exe_
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight