How to remove cpu.exe
cpu.exe
The module cpu.exe has been detected as Trojan.Agent
File Details
| Product Name: | XMRig |
| Company Name: | www.xmrig.com |
| MD5: | 8f7e699ceed3fd1ae22b55edcf246596 |
| Size: | 576 KB |
| First Published: | 2017-09-07 15:09:36 (6 years ago) |
| Latest Published: | 2020-12-06 11:19:42 (3 years ago) |
| Status: | Trojan.Agent (on last analysis) | |
| Analysis Date: | 2020-12-06 11:19:42 (3 years ago) |
Common Places:
| %sysdrive%\$recycle.bin\s-1-5-21-2033438089-1981550877-1040059160-1000\$r5u8kc9.exe |
| %commonappdata%\windowstask |
| %sysdrive%\inters |
| %sysdrive%\windows |
| %profile%\downloads\xmrig-2.3.1-gcc-win64 |
| %profile%\downloads\admin\xmrig-2.3.1-gcc-win64 |
| %appdata%\sysfiles |
| %sysdrive%\nsb.exe |
| %sysdrive%\$recycle.bin\s-1-5-21-3591424346-1136768673-2813763186-1000\$rljt1oj.exe |
| %sysdrive%\user |
File Names:
| system.exe |
| cpu.exe |
| svchost.exe |
| monitoring.exe |
| AudioDriver.exe |
| xmrisf.exe |
| xmr.exe |
| curl.exe |
| booster.exe |
| booster (1).exe |
| ieplare.exe |
| xmrig.exe |
| csrs.exe |
| xringgg64.exe |
| FMAP64.exe |
| FMAP64[1].exe |
| xmrig64.exe |
| booster.exe.425689.gzquar |
Geography:
| 32.3% | ||
| 18.9% | ||
| 8.8% | ||
| 6.7% | ||
| 4.9% | ||
| 2.4% | ||
| 2.1% | ||
| 1.8% | ||
| 1.5% | ||
| 1.5% | ||
| 1.2% | ||
| 1.2% | ||
| 1.2% | ||
| 1.2% | ||
| 1.2% | ||
| 0.9% | ||
| 0.9% | ||
| 0.6% | ||
| 0.6% | ||
| 0.6% | ||
| 0.6% | ||
| 0.6% | ||
| 0.6% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% |
OS Version:
| Windows 10 | 56.2% | |
| Windows 7 | 23.1% | |
| Windows Server 2008 R2 | 8.5% | |
| Windows 8.1 | 6.4% | |
| Windows Server 2012 R2 | 3.6% | |
| Windows 8 | 1.2% | |
| Windows Vista | 0.6% | |
| Windows Server 2003 | 0.3% |
Analysis
| Subsystem: | Windows CUI |
| PE Type: | pe |
| OS Bitness: | 64 |
| Image Base: | 0x0000000000400000 |
| Entry Address: | 0x00001510 |
PE Sections:
| Name | Size of data | MD5 |
| .text | 464384 | 8e702caf063d4f805e8cd60d57a050e6 |
| .data | 1536 | 9d1ee422e1742cb5f32d78ba63f6df6d |
| .rdata | 59392 | 05249404d20f0b4766698fbbb9f79e20 |
| .pdata | 16896 | 0012392e92bcb49f2b15376d4e4c03a6 |
| .xdata | 16384 | d9a01cf3494c3df32041a1ac374ae50b |
| .bss | 0 | 00000000000000000000000000000000 |
| .idata | 11776 | 5cedc633efae7cbd021d10c492def3d4 |
| .CRT | 512 | 289ec24eed29193fc7008598ae45c85e |
| .tls | 512 | c6ef436a7694889fcf45561cf2ca98d4 |
| .rsrc | 17344 | f1a1ce6654e186dd5eb90056c4094729 |
More information:
Download GridinSoft
Anti-Malware - Removal tool for cpu.exe
