SHA256: 1ce22a9bdc8a7c5fd41d9b9952fc51dde86be1dc0162dbc8ff21f1db26588750
File name: sgminer.exe
Detection ratio: 28 / 68
Analysis date: 2018-02-21 17:10:30 UTC ( 3 days, 10 hours ago )
Antivirus Result Update
Avast Multi:BitCoinMiner-C [PUP] 20180221
AVG Multi:BitCoinMiner-C [PUP] 20180221
Avira (no cloud) APPL/Bitcoinminer.Gen 20180221
AVware Trojan.Win32.Generic!BT 20180221
CAT-QuickHeal Trojan.IGENERIC 20180221
Comodo .UnclassifiedMalware 20180221
Cybereason malicious.e484d4 20180205
Cylance Unsafe 20180221
Cyren W32/Trojan.MTRT-4429 20180221
DrWeb Trojan.BtcMine.911 20180221
eGambit Unsafe.AI_Score_78% 20180221
Endgame malicious (high confidence) 20180216
ESET-NOD32 a variant of Win32/CoinMiner.BF potentially unwanted 20180221
Fortinet Riskware/CoinMiner 20180221
GData Win32.Application.CoinMiner.T@gen 20180221
Ikarus PUA.Gen 20180221
Sophos ML heuristic 20180121
K7AntiVirus Unwanted-Program ( 004d49291 ) 20180221
K7GW Unwanted-Program ( 004d49291 ) 20180221
Palo Alto Networks (Known Signatures) generic.ml 20180221
Panda Trj/CI.A 20180221
SentinelOne (Static ML) static engine - malicious 20180115
Sophos AV Bitcoin Miner (PUA) 20180221
Symantec Trojan.Gen.2 20180221
VIPRE Trojan.Win32.Generic!BT 20180221
Webroot W32.Malware.Gen 20180221
Yandex Riskware.Agent! 20180221
Zillya Trojan.BitCoinMiner.Win32.238 20180220
Ad-Aware 20180221
AegisLab 20180221
AhnLab-V3 20180221
Alibaba 20180216
ALYac 20180221
Antiy-AVL 20180221
Arcabit 20180221
Avast-Mobile 20180221
Baidu 20180208
BitDefender 20180221
Bkav 20180212
ClamAV 20180221
CMC 20180221
CrowdStrike Falcon (ML) 20170201
Emsisoft 20180221
F-Prot 20180221
F-Secure 20180221
Jiangmin 20180221
Kaspersky 20180221
Kingsoft 20180221
Malwarebytes 20180221
MAX 20180221
McAfee 20180221
McAfee-GW-Edition 20180221
Microsoft 20180221
eScan 20180221
NANO-Antivirus 20180221
nProtect 20180221
Qihoo-360 20180221
Rising 20180221
SUPERAntiSpyware 20180221
Symantec Mobile Insight 20180220
Tencent 20180221
TheHacker 20180219
TotalDefense 20180221
TrendMicro 20180221
TrendMicro-HouseCall 20180221
Trustlook 20180221
VBA32 20180221
ViRobot 20180221
WhiteArmor 20180205
ZoneAlarm by Check Point 20180221
Zoner 20180221
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-21 02:18:04
Entry Point 0x0000126C
Number of sections 8
PE sections
Overlays
MD5 ec2ee17380374b4cfa0d7eadc17519cf
File type ASCII text
Offset 1313792
Size 14
Entropy 3.09
PE imports
GetLastError
GetStdHandle
EnterCriticalSection
WaitForSingleObject
FreeLibrary
VirtualProtect
ExitProcess
SetConsoleCursorPosition
LoadLibraryA
DeleteCriticalSection
SetThreadPriority
MultiByteToWideChar
GetProcAddress
GetConsoleScreenBufferInfo
GetCurrentThread
IsDBCSLeadByteEx
WideCharToMultiByte
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
CreateWaitableTimerA
InitializeCriticalSection
VirtualQuery
TlsGetValue
Sleep
FormatMessageA
SetWaitableTimer
SleepEx
LeaveCriticalSection
clGetDeviceIDs
clReleaseKernel
clReleaseContext
clCreateCommandQueue
clGetPlatformIDs
clBuildProgram
clCreateContextFromType
clGetDeviceInfo
clEnqueueNDRangeKernel
clReleaseProgram
clCreateProgramWithSource
clSetKernelArg
clCreateKernel
clReleaseCommandQueue
clGetProgramInfo
clGetPlatformInfo
clEnqueueWriteBuffer
clEnqueueReadBuffer
clFinish
clCreateBuffer
clGetProgramBuildInfo
clCreateProgramWithBinary
timeEndPeriod
timeBeginPeriod
getaddrinfo
htonl
accept
ioctlsocket
freeaddrinfo
connect
shutdown
htons
select
getsockopt
closesocket
ntohl
inet_addr
send
ntohs
WSAGetLastError
listen
__WSAFDIsSet
inet_ntoa
recv
setsockopt
socket
bind
recvfrom
sendto
curl_global_init
curl_easy_init
curl_easy_reset
curl_slist_free_all
curl_global_cleanup
curl_easy_setopt
curl_slist_append
curl_easy_perform
curl_easy_getinfo
curl_easy_cleanup
initscr
LINES
newwin
echo
erase
wrefresh
wprintw
wmove
idlok
immedok
mvwprintw
nocbreak
cbreak
halfdelay
mvwhline
stdscr
leaveok
wattroff
wattron
wclear
getmaxy
getmaxx
wgetnstr
endwin
mvwin
wresize
wclrtoeol
wgetch
noecho
delwin
scrollok
touchwin
strncmp
__p__fmode
malloc
mbstowcs
sscanf
_access
__p__environ
fgetc
realloc
fread
fclose
strcat
_stricmp
atexit
abort
_setmode
_assert
fflush
fopen
strncpy
_cexit
fputc
strncat
strtol
_execv
_isctype
_errno
strtod
fwrite
fseek
qsort
_onexit
wcslen
ftell
_snprintf
strcspn
memcmp
_strdup
_filbuf
toupper
localtime
strchr
exit
tolower
_fdopen
_pctype
free
getenv
setlocale
_isatty
atoi
vfprintf
__getmainargs
calloc
strstr
atof
raise
_stat
wcstombs
_vsnprintf
perror
memmove
log10
localeconv
floor
strerror
strcmp
strcpy
time
exp
__mb_cur_max
_strnicmp
strtok
div
__set_app_type
signal
memchr
_iob
sem_wait
sem_post
pthread_join
ptw32_pop_cleanup
pthread_mutex_lock
pthread_cond_signal
pthread_cond_destroy
pthread_create
sem_timedwait
sem_destroy
pthread_testcancel
pthread_mutex_init
sem_init
pthread_mutex_trylock
pthread_setcancelstate
pthread_detach
sem_trywait
pthread_rwlock_trywrlock
pthread_cond_init
sched_yield
pthread_cond_broadcast
pthread_rwlock_rdlock
pthread_rwlock_wrlock
pthread_mutex_unlock
pthread_cond_timedwait
ptw32_push_cleanup
pthread_mutex_destroy
pthread_cancel
pthread_cond_wait
pthread_setcanceltype
pthread_self
pthread_rwlock_init
pthread_rwlock_unlock
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:21 03:18:04+01:00
FileType Win32 EXE
PEType PE32
CodeSize 936448
LinkerVersion 2.22
EntryPoint 0x126c
InitializedDataSize 1312768
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 34304

File identification
MD5 aef038ae484d4d4b1e9db9dcb41d3b7f
SHA1 3a51a32e65d9854e9e22136169e680f9dae05545
SHA256 1ce22a9bdc8a7c5fd41d9b9952fc51dde86be1dc0162dbc8ff21f1db26588750
ssdeep 24576:k/EvBNcExjsl/jCCU0/moSUZCmJNyMSKIXOu4FuXmTqeltMhs3oRir3e31Uw3e6X:PvPjs9jRUMSUzyMSKIXOu4iRRye31d3/
authentihash a12f017b2ded5af95187b88e1d6b04c79cbbe53c3d238423818af5a7b4ed55e1
imphash d0055e5521ee747a633f3a6f2e4c4958
File size 1.3 MB ( 1313806 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-08-21 05:57:45 UTC ( 1 year, 6 months ago )
Last submission 2017-06-20 00:51:42 UTC ( 8 months, 1 week ago )
File names 1ce22a9bdc8a7c5fd41d9b9952fc51dde86be1dc0162dbc8ff21f1db26588750
sgminer.exe