How to remove 64b.exe
64b.exe
The module 64b.exe has been detected as Risk.CoinMiner
File Details
| Product Name: | XMRig |
| Company Name: | www.xmrig.com |
| MD5: | 7c00d4b65f8fa21b4934f0f097a79cd0 |
| Size: | 505 KB |
| First Published: | 2017-06-22 03:08:04 (7 years ago) |
| Latest Published: | 2020-02-26 03:55:06 (4 years ago) |
| Status: | Risk.CoinMiner (on last analysis) | |
| Analysis Date: | 2020-02-26 03:55:06 (4 years ago) |
Common Places:
| %appdata%\msvc |
| %appdata%\iemiss2 |
| %appdata%\wshshell |
| %appdata%\ieservise |
| %appdata%\ie1servise |
| %appdata%\ieserv |
| %commonappdata%\tmp |
| %commonappdata%\tmpp |
| %profile%\desktop |
| %appdata%\appdata |
File Names:
| xmrig.exe |
| 64b.exe |
| prxa.exe |
| otzc.exe |
| cgjm.exe |
| aqsx.exe |
| $REFQ59R.exe |
| xnrx.exe |
| grbc.exe |
| byns.exe |
| ejlh.exe |
| moty.exe |
| kukn.exe |
| xbfk.exe |
| jskp.exe |
| udtx.exe |
| cbqs.exe |
| earw.exe |
| izdg.exe |
| eoeg.exe |
| hfwa.exe |
| gyae.exe |
| ruxz.exe |
| BITD7E8.tmp |
| BITAC.tmp |
| BIT16CB.tmp |
| BIT9212.tmp |
| BIT50B4.tmp |
| trz33DB.tmp |
| BIT272F.tmp |
| $RKG9L58.exe |
| $RIMF3QK.exe |
| $R2AE5Y8.exe |
| $RVSSYJE.exe |
| daos.exe |
| fbtw.exe |
| msttc.exe |
| lbgj.exe |
| win1ogins.exe |
| zukn.exe |
| hcuy.exe |
| oncg.exe |
| sphm.exe |
| etwy.exe |
| ynru.exe |
| twad.exe |
| mrty.exe |
| mwnq.exe |
| xchj.exe |
| vkor.exe |
| vkor.exe.quarantined |
| xmrig.exe.quarantined |
| msttc.exe.quarantined |
| rebuild.exe |
| cef19677-626a-4a77-81fe-67073ac19ef8 |
| cpu64.exe |
| lpsu.exe |
| bdze.exe |
| umqu.exe |
| rinp.exe |
| 360rt.exe |
| hceh.exe |
| crvz.exe |
| fpfh.exe |
| koqw.exe |
| yiac.exe |
| win1ogins.Vexe |
| win1ogins.exe.quarantined |
| javad.exe |
| winiogins.exe |
| vbeg.exe |
Geography:
| 47.9% | ||
| 23.1% | ||
| 8.4% | ||
| 7.2% | ||
| 2.4% | ||
| 1.8% | ||
| 1.8% | ||
| 1.5% | ||
| 0.9% | ||
| 0.9% | ||
| 0.9% | ||
| 0.9% | ||
| 0.6% | ||
| 0.6% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% |
OS Version:
| Windows Server 2008 R2 | 42.5% | |
| Windows Server 2012 R2 | 29.9% | |
| Windows 7 | 21.0% | |
| Windows 10 | 4.2% | |
| Windows 8.1 | 2.1% | |
| Windows Server 2012 | 0.3% |
Analysis
| Subsystem: | Windows CUI |
| PE Type: | pe |
| OS Bitness: | 64 |
| Image Base: | 0x0000000000400000 |
| Entry Address: | 0x00001500 |
PE Sections:
| Name | Size of data | MD5 |
| .text | 398336 | 4f326f674a94cdfbb888491a0de70b26 |
| .data | 1536 | 2894c67582cd60955d66ea69f5a722cc |
| .rdata | 55808 | 33c19dca1ce2f4612bdb3a32837c8184 |
| .pdata | 15360 | 9da5a77e05bce78403dd376b69fc9850 |
| .xdata | 14848 | 66d8fb759c61765b9cf3615e1cb132c3 |
| .bss | 0 | 00000000000000000000000000000000 |
| .idata | 11776 | 653d73388abbc6387c20bea34d45fb1c |
| .CRT | 512 | f0ce33d7d8f28ecac8aebef65e8d2719 |
| .tls | 512 | e222728f4a78e415bc33523c3f2e2127 |
| .rsrc | 17360 | 5853cc715c75ce8b1c64905df5c3eeb5 |
More information:
Download GridinSoft
Anti-Malware - Removal tool for 64b.exe
