How to remove dether.exe

dether.exe

The module dether.exe has been detected as Trojan.CoinMiner

dether.exe
Remove dether.exe

File Details

Product Name:

XMRig
Company Name:

www.xmrig.com
MD5: 2f4e3381e0cd64b0330d509d6916b940
Size: 1 MB
First Published: 2018-10-18 03:12:09 (7 years ago)
Latest Published: 2022-03-10 23:25:54 (3 years ago)
Status: Trojan.CoinMiner (on last analysis)
Analysis Date: 2022-03-10 23:25:54 (3 years ago)

Common Places:

%appdata%
%appdata%\adobe
%system%\config\systemprofile\appdata\roaming
%sysdrive%\$recycle.bin\s-1-5-21-745511899-3870050724-1201370372-1000
%sysdrive%\$recycle.bin\s-1-5-21-655610334-2854561502-1213683250-1000
%sysdrive%\$recycle.bin
%sysdrive%
%appdata%
%appdata%
%appdata%

File Names:

NsCpuCNMiner64.exe
dether.exe
trz7012.tmp
$R5FHJYA.exe

Geography:

26.1%
5.9%
5.7%
5.5%
5.1%
4.9%
4.5%
4.3%
4.3%
4.3%
4.1%
3.7%
2.6%
2.2%
1.8%
1.6%
1.4%
1.2%
1.0%
1.0%
0.8%
0.8%
0.6%
0.6%
0.6%
0.6%
0.4%
0.4%
0.4%
0.4%
0.4%
0.4%
0.4%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%

OS Version:

Windows 7 57.1%
Windows Server 2008 R2 15.7%
Windows Server 2012 R2 9.3%
Windows 10 9.0%
Windows Server 2012 3.8%
Windows Vista 3.1%
Windows 8.1 1.7%
Windows 8 0.2%

Analysis

Subsystem: Windows CUI
PE Type: pe
OS Bitness: 64
Image Base: 0x0000000000400000
Entry Address: 0x000014f0

PE Sections:

Name Size of data MD5
.text 882688 82da2c5b976f9e1fb2d093ec56ea1f98
.data 2560 7472d84eec50a59eb7a89bc685de45e4
.rdata 89600 ef7c7f0c79b4306c3838055b6b6ee383
.pdata 27648 75a4711f11d0d51d9ef6ebc503fc1eea
.xdata 29696 668761de9e85f2764963ee31a4a71332
.bss 0 00000000000000000000000000000000
.edata 1536 341db8f5a5f71594e9442bb666692435
.idata 12800 a110564dd0021f7464038a95c1ee28c1
.CRT 512 86f914443cf708c8162d145b124f72ae
.tls 512 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 23808 5522f44c913ad59bf706c56d79535b69
.reloc 2560 6d309dd13e52c93e744f655342fc013f

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for dether.exe
copyright for information about dether.exe