SHA256: d0326f0ddce4c00f93682e3a6f55a3125f6387e959e9ed6c5e5584e78e737078
File name: NsCpuCNMiner64.exe
Detection ratio: 40 / 54
Analysis date: 2016-01-20 10:52:01 UTC (3 years, 4 months ago)
Antivirus Result Update
Ad-Aware Application.Bitcoinminer.HH 20160120
AegisLab Risktool.Win64.Gen!c 20160120
Yandex Trojan.CoinMiner!osFaf3bNTLA 20160119
AhnLab-V3 Trojan/Win64.BitCoinMiner 20160119
Antiy-AVL Trojan/Win32.TSGeneric 20160120
Arcabit Application.Bitcoinminer.HH 20160120
AVG Atros.APPC 20160120
Avira (no cloud) TR/CoinMiner.J 20160120
Baidu-International Hacktool.Win32.Bitcoinminer.77 20160120
BitDefender Application.Bitcoinminer.HH 20160120
Bkav W32.SartosgeLTZ.Trojan 20160119
CAT-QuickHeal Trojan.Miner.gw9 20160119
Comodo UnclassifiedMalware 20160120
Cyren W64/BitCoinMiner.E 20160120
DrWeb Tool.BtcMine.431 20160120
ESET-NOD32 Win64/CoinMiner.J 20160120
F-Prot W64/BitCoinMiner.E 20160120
F-Secure Application.Bitcoinminer.HH 20160120
GData Application.Bitcoinminer.HH 20160120
Ikarus Trojan.Win64.CoinMiner 20160120
K7AntiVirus Trojan ( 0049ce8d1 ) 20160120
K7GW Trojan ( 0049ce8d1 ) 20160120
Kaspersky not-a-virus:RiskTool.Win64.BitCoinMiner.sx 20160120
Malwarebytes Trojan.BitCoinMiner 20160120
McAfee Trojan-CoinMiner 20160120
McAfee-GW-Edition Trojan-CoinMiner 20160120
eScan Application.Bitcoinminer.HH 20160120
NANO-Antivirus Riskware.Win64.BtcMine.dtkzrz 20160120
Panda Trj/CI.A 20160119
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160120
Sophos AV Mal/Miner-C 20160120
SUPERAntiSpyware Trojan.Agent/Gen-CoinMiner 20160120
Symantec PUA.Bitcoinminer 20160119
TheHacker Trojan/CoinMiner.j 20160119
TrendMicro TROJ_COINMINE.NC 20160120
TrendMicro-HouseCall TROJ_COINMINE.NC 20160120
VBA32 Trojan.BitCoinMiner 20160119
VIPRE Trojan.Win32.Generic!BT 20160120
ViRobot Trojan.Win64.S.BitCoinMiner.1563136[h] 20160120
Zillya Trojan.BitCoinMiner.Win64.1 20160120
Alibaba 20160120
ALYac 20160120
Avast 20160120
ByteHero 20160120
ClamAV 20160120
CMC 20160111
Emsisoft 20160120
Fortinet 20160120
Jiangmin 20160120
Microsoft 20160120
nProtect 20160120
Qihoo-360 20160120
Tencent 20160120
Zoner 20160120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
FileVersionInfo properties
PE header basic information
Target machine x64
Compilation timestamp 2014-07-23 11:54:38
Entry Point 0x0032228A
Number of sections 9
PE sections
Overlays
MD5 58d417c6ee24661ecd27c669d63d79e3
File type data
Offset 1536
Size 408064
Entropy 7.91
PE imports
AdjustTokenPrivileges
LocalFree
LCMapStringW
LocalAlloc
GetModuleHandleA
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleFileNameA
MessageBoxW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
SubsystemVersion 5.2
MachineType AMD AMD64
TimeStamp 2014:07:23 12:54:38+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 685056
LinkerVersion 11.0
FileTypeExtension exe
InitializedDataSize 534016
ImageFileCharacteristics Executable, Large address aware
EntryPoint 0x32228a
OSVersion 5.2
ImageVersion 0.0
UninitializedDataSize 0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 eedb9d86ae8abc65fa7ac7c6323d4e8f
SHA1 ce1fbf382e89146ea5a22ae551b68198c45f40e4
SHA256 d0326f0ddce4c00f93682e3a6f55a3125f6387e959e9ed6c5e5584e78e737078
ssdeep 24576:Mf79KQimeoyEgM8dSGDeCAQ4GYwEkYEDI3BiiVzKJo23bvH5xh8wtDzgClYAdC51:b3EciPG9E/LBVeJo2Vsw57lYAA51

authentihash 03b53c7ab4613e193813d5bfcf48fa626b8172ab4ff9814373d0c50b71c370f9
imphash de374bd0d52433ab46e2fe7e4daf1ffe
File size 1.5 MB ( 1563136 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (console) Mono/.Net assembly

TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits peexe assembly overlay

VirusTotal metadata
First submission 2014-07-25 09:40:05 UTC (4 years, 10 months ago)
Last submission 2019-02-13 15:36:07 UTC (3 months ago)
File names NsCpuCNMiner64.exe
a520b30d480f87e6_nscpucnminer64.exe
eedb9d86ae8abc65fa7ac7c6323d4e8f
agfnakafausf.exe
dwm.exe
NsCpuCNMiner64.exe
nscpucnminer64.exe
msinit.exe
b1a9c70c445be77d_nscpucnminer64.exe
NsCpuCNMiner64.exe
nscpucnminer64.exe
file-7484407_exe
SecuCurrWorker64.exe
A
NsCpuCNMiner64_6.exe_
agfnakafausf.exe
Claymore CryptoNote CPU Miner (4)
crome.exe
3d19879bf186cfcc_nscpucnminer64.exe
SecuCurrWorker64.exe
MinerGate.exe
svchost.exe
eedb9d86ae8abc65fa7ac7c6323d4e8f
svchost.exe
secucurrworker64.exe.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight