SHA256: 1ce22a9bdc8a7c5fd41d9b9952fc51dde86be1dc0162dbc8ff21f1db26588750
File name: sgminer.exe
Detection ratio: 37 / 64
Analysis date: 2017-07-24 17:28:18 UTC ( 4 weeks, 1 day ago )
Antivirus Result Update
Ad-Aware Adware.GenericKD.4845964 20170724
AegisLab Appl.Bitcoinminer.Gen!c 20170724
ALYac Adware.GenericKD.4845964 20170724
Arcabit Adware.Generic.D49F18C 20170724
Avast Multi:BitCoinMiner-C [PUP] 20170724
AVG Multi:BitCoinMiner-C [PUP] 20170724
Avira (no cloud) APPL/Bitcoinminer.Gen 20170724
AVware Trojan.Win32.Generic!BT 20170721
BitDefender Adware.GenericKD.4845964 20170724
CAT-QuickHeal Trojan.IGENERIC 20170724
Cylance Unsafe 20170724
Cyren W32/Trojan.MTRT-4429 20170724
DrWeb Trojan.BtcMine.911 20170724
Emsisoft Adware.GenericKD.4845964 (B) 20170724
Endgame malicious (high confidence) 20170721
ESET-NOD32 a variant of Win32/BitCoinMiner.BF potentially unsafe 20170724
F-Secure Adware.GenericKD.4845964 20170724
Fortinet Riskware/BitCoinMiner 20170724
GData Adware.GenericKD.4845964 20170724
Ikarus not-a-virus:RiskTool.Win32.BitCoinMiner 20170724
K7AntiVirus Unwanted-Program ( 004d49291 ) 20170724
K7GW Unwanted-Program ( 004d49291 ) 20170724
MAX malware (ai score=48) 20170724
McAfee Artemis!AEF038AE484D 20170723
McAfee-GW-Edition BehavesLike.Win32.PUP.th 20170724
eScan Adware.GenericKD.4845964 20170724
Palo Alto Networks (Known Signatures) generic.ml 20170724
Rising Malware.Heuristic!ET#98% (rdm+) 20170724
Sophos AV Generic PUA DK (PUA) 20170724
Symantec Trojan.Gen.2 20170724
TrendMicro TROJ_GEN.R0CCC0OED17 20170724
TrendMicro-HouseCall TROJ_GEN.R0CCC0OED17 20170724
VIPRE Trojan.Win32.Generic!BT 20170724
ViRobot Adware.Bitcoinminer.1313806 20170724
Webroot W32.Malware.Gen 20170724
Yandex Riskware.Agent! 20170724
Zillya Trojan.BitCoinMiner.Win32.238 20170724
AhnLab-V3 20170724
Alibaba 20170724
Antiy-AVL 20170724
Baidu 20170724
Bkav 20170724
ClamAV 20170724
CMC 20170724
Comodo 20170724
CrowdStrike Falcon (ML) 20170710
F-Prot 20170724
Sophos ML 20170607
Jiangmin 20170724
Kaspersky 20170724
Kingsoft 20170724
Malwarebytes 20170724
Microsoft 20170724
NANO-Antivirus 20170724
nProtect 20170724
Panda 20170724
Qihoo-360 20170724
SentinelOne (Static ML) 20170718
SUPERAntiSpyware 20170724
Symantec Mobile Insight 20170724
Tencent 20170724
TheHacker 20170724
TotalDefense 20170724
Trustlook 20170724
VBA32 20170724
ZoneAlarm by Check Point 20170724
Zoner 20170724
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-21 02:18:04
Entry Point 0x0000126C
Number of sections 8
PE sections
Overlays
MD5 ec2ee17380374b4cfa0d7eadc17519cf
File type ASCII text
Offset 1313792
Size 14
Entropy 3.09
PE imports
GetLastError
GetStdHandle
EnterCriticalSection
WaitForSingleObject
FreeLibrary
VirtualProtect
ExitProcess
SetConsoleCursorPosition
LoadLibraryA
DeleteCriticalSection
SetThreadPriority
MultiByteToWideChar
GetProcAddress
GetConsoleScreenBufferInfo
GetCurrentThread
IsDBCSLeadByteEx
WideCharToMultiByte
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
CreateWaitableTimerA
InitializeCriticalSection
VirtualQuery
TlsGetValue
Sleep
FormatMessageA
SetWaitableTimer
SleepEx
LeaveCriticalSection
clGetDeviceIDs
clReleaseKernel
clReleaseContext
clCreateCommandQueue
clGetPlatformIDs
clBuildProgram
clCreateContextFromType
clGetDeviceInfo
clEnqueueNDRangeKernel
clReleaseProgram
clCreateProgramWithSource
clSetKernelArg
clCreateKernel
clReleaseCommandQueue
clGetProgramInfo
clGetPlatformInfo
clEnqueueWriteBuffer
clEnqueueReadBuffer
clFinish
clCreateBuffer
clGetProgramBuildInfo
clCreateProgramWithBinary
timeEndPeriod
timeBeginPeriod
getaddrinfo
htonl
accept
ioctlsocket
freeaddrinfo
connect
shutdown
htons
select
getsockopt
closesocket
ntohl
inet_addr
send
ntohs
WSAGetLastError
listen
__WSAFDIsSet
inet_ntoa
recv
setsockopt
socket
bind
recvfrom
sendto
curl_global_init
curl_easy_init
curl_easy_reset
curl_slist_free_all
curl_global_cleanup
curl_easy_setopt
curl_slist_append
curl_easy_perform
curl_easy_getinfo
curl_easy_cleanup
initscr
LINES
newwin
echo
erase
wrefresh
wprintw
wmove
idlok
immedok
mvwprintw
nocbreak
cbreak
halfdelay
mvwhline
stdscr
leaveok
wattroff
wattron
wclear
getmaxy
getmaxx
wgetnstr
endwin
mvwin
wresize
wclrtoeol
wgetch
noecho
delwin
scrollok
touchwin
strncmp
__p__fmode
malloc
mbstowcs
sscanf
_access
__p__environ
fgetc
realloc
fread
fclose
strcat
_stricmp
atexit
abort
_setmode
_assert
fflush
fopen
strncpy
_cexit
fputc
strncat
strtol
_execv
_isctype
_errno
strtod
fwrite
fseek
qsort
_onexit
wcslen
ftell
_snprintf
strcspn
memcmp
_strdup
_filbuf
toupper
localtime
strchr
exit
tolower
_fdopen
_pctype
free
getenv
setlocale
_isatty
atoi
vfprintf
__getmainargs
calloc
strstr
atof
raise
_stat
wcstombs
_vsnprintf
perror
memmove
log10
localeconv
floor
strerror
strcmp
strcpy
time
exp
__mb_cur_max
_strnicmp
strtok
div
__set_app_type
signal
memchr
_iob
sem_wait
sem_post
pthread_join
ptw32_pop_cleanup
pthread_mutex_lock
pthread_cond_signal
pthread_cond_destroy
pthread_create
sem_timedwait
sem_destroy
pthread_testcancel
pthread_mutex_init
sem_init
pthread_mutex_trylock
pthread_setcancelstate
pthread_detach
sem_trywait
pthread_rwlock_trywrlock
pthread_cond_init
sched_yield
pthread_cond_broadcast
pthread_rwlock_rdlock
pthread_rwlock_wrlock
pthread_mutex_unlock
pthread_cond_timedwait
ptw32_push_cleanup
pthread_mutex_destroy
pthread_cancel
pthread_cond_wait
pthread_setcanceltype
pthread_self
pthread_rwlock_init
pthread_rwlock_unlock
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:21 03:18:04+01:00
FileType Win32 EXE
PEType PE32
CodeSize 936448
LinkerVersion 2.22
EntryPoint 0x126c
InitializedDataSize 1312768
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 34304

File identification
MD5 aef038ae484d4d4b1e9db9dcb41d3b7f
SHA1 3a51a32e65d9854e9e22136169e680f9dae05545
SHA256 1ce22a9bdc8a7c5fd41d9b9952fc51dde86be1dc0162dbc8ff21f1db26588750
ssdeep 24576:k/EvBNcExjsl/jCCU0/moSUZCmJNyMSKIXOu4FuXmTqeltMhs3oRir3e31Uw3e6X:PvPjs9jRUMSUzyMSKIXOu4iRRye31d3/
authentihash a12f017b2ded5af95187b88e1d6b04c79cbbe53c3d238423818af5a7b4ed55e1
imphash d0055e5521ee747a633f3a6f2e4c4958
File size 1.3 MB ( 1313806 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-08-21 05:57:45 UTC ( 1 year ago )
Last submission 2017-06-20 00:51:42 UTC ( 2 months ago )
File names sgminer.exe
1ce22a9bdc8a7c5fd41d9b9952fc51dde86be1dc0162dbc8ff21f1db26588750
sgminer.exe
Advanced heuristic and reputation engines