How to remove debug.exe
debug.exe
The module debug.exe has been detected as Trojan.CoinMiner
File Details
| Product Name: | NSSM 64-bit |
| Company Name: | Iain Patterson |
| MD5: | 1e706b1e8d3bd3764e3ee4bf5fe509d8 |
| Size: | 345 KB |
| First Published: | 2017-09-30 07:02:47 (8 years ago) |
| Latest Published: | 2021-03-04 04:38:58 (4 years ago) |
| Status: | Trojan.CoinMiner (on last analysis) |
| Analysis Date: | 2021-03-04 04:38:58 (4 years ago) |
Common Places:
| %sysdrive%\windows |
| %windir%\debug |
| %windir%\logs\logsfiles64 |
| %windir%\secyritii64 |
| %commonappdata% |
| %system% |
| %windir% |
| %sysdrive%\$recycle.bin\s-1-5-21-1670256533-2662537330-1115340039-500 |
| %sysdrive% |
| %programfiles%\mysqlkingtool |
File Names:
| WinSvchost.exe |
| debug.exe |
| nssm.exe |
| winsvchost.exe |
| svchost.exe |
| svchost.exe.quarantined |
| mysql-nt.exe |
| 1sass.exe |
| 445dll.exe |
| taskhost.exe |
OS Version:
| Windows Server 2008 R2 | 56.8% |
| Windows 7 | 25.3% |
| Windows Server 2012 R2 | 10.9% |
| Windows Server 2012 | 4.3% |
| Windows 10 | 1.4% |
| Windows 8.1 | 0.5% |
| Windows Server 2016 | 0.5% |
| Windows Web Server 2008 R2 | 0.3% |
Analysis
| Subsystem: | Windows CUI |
| PE Type: | pe |
| OS Bitness: | 64 |
| Image Base: | 0x0000000140000000 |
| Entry Address: | 0x0001b9b0 |
PE Sections:
| Name | Size of data | MD5 |
| .text | 144384 | 2565872698a60f8c25c6ff4e68066c85 |
| .rdata | 31232 | 06a27cf51bc80f1a474b60cc7c384652 |
| .data | 7680 | ddca383eee9dc3b16d7032106dd9656e |
| .pdata | 7168 | aa7f2a99869759897b445353eb04fe90 |
| .rsrc | 162304 | c8a18618428fdc3b620e204edbb16c14 |