How to remove debug.exe
debug.exe
The module debug.exe has been detected as Trojan.CoinMiner
File Details
Product Name: NSSM 64-bit
Company Name: Iain Patterson
MD5: 1e706b1e8d3bd3764e3ee4bf5fe509d8
Size: 345 KB
First Published: 2017-09-30 07:02:47 (7 years ago)
Latest Published: 2021-03-04 04:38:58 (3 years ago)
Status: Trojan.CoinMiner (on last analysis)
Analysis Date: 2021-03-04 04:38:58 (3 years ago)
Common Places:
%sysdrive%\windows
%windir%\debug
%windir%\logs\logsfiles64
%windir%\secyritii64
%commonappdata%
%system%
%windir%
%sysdrive%\$recycle.bin\s-1-5-21-1670256533-2662537330-1115340039-500
%sysdrive%
%programfiles%\mysqlkingtool
File Names:
WinSvchost.exe
debug.exe
nssm.exe
winsvchost.exe
svchost.exe
svchost.exe.quarantined
mysql-nt.exe
1sass.exe
445dll.exe
taskhost.exe
OS Version:
Windows Server 2008 R2 | 56.8%
Windows 7 | 25.3%
Windows Server 2012 R2 | 10.9%
Windows Server 2012 | 4.3%
Windows 10 | 1.4%
Windows 8.1 | 0.5%
Windows Server 2016 | 0.5%
Windows Web Server 2008 R2 | 0.3%
Analysis
Subsystem: Windows CUI
PE Type: pe
OS Bitness: 64
Image Base: 0x0000000140000000
Entry Address: 0x0001b9b0
PE Sections:
Name | Size of data | MD5 |
.text | 144384 | 2565872698a60f8c25c6ff4e68066c85 |
.rdata | 31232 | 06a27cf51bc80f1a474b60cc7c384652 |
.data | 7680 | ddca383eee9dc3b16d7032106dd9656e |
.pdata | 7168 | aa7f2a99869759897b445353eb04fe90 |
.rsrc | 162304 | c8a18618428fdc3b620e204edbb16c14 |