How to remove dether.exe
dether.exe
The module dether.exe has been detected as Trojan.CoinMiner
File Details
| Product Name: | XMRig |
| Company Name: | www.xmrig.com |
| MD5: | 30843cdd1e1eb312d1cce94c3c826c88 |
| Size: | 1 MB |
| First Published: | 2018-10-18 03:12:09 (6 years ago) |
| Latest Published: | 2022-03-10 23:53:34 (3 years ago) |
| Status: | Trojan.CoinMiner (on last analysis) | |
| Analysis Date: | 2022-03-10 23:53:34 (3 years ago) |
Common Places:
| %appdata% |
| %appdata%\adobe\x86v8 |
| %sysdrive%\$recycle.bin |
| %system%\config\systemprofile\appdata\roaming |
| %sysdrive%\$recycle.bin\s-1-5-21-745511899-3870050724-1201370372-1000 |
| %sysdrive%\$recycle.bin\s-1-5-21-655610334-2854561502-1213683250-1000 |
| %sysdrive% |
| %appdata% |
| %appdata% |
| %appdata% |
File Names:
| NsCpuCNMiner32.exe |
| dether.exe |
| $RNHCZZJ.exe |
| $RFMTH8W.exe |
Geography:
| Russia | 29.1% | |
| Vietnam | 6.6% | |
| Turkey | 5.9% | |
| India | 5.4% | |
| Taiwan | 5.2% | |
| Pakistan | 5.2% | |
| Belarus | 4.5% | |
| Kazakhstan | 4.3% | |
| Iran | 3.8% | |
| Brazil | 2.8% | |
| Ukraine | 2.8% | |
| Dominican Republic | 2.8% | |
| Japan | 2.6% | |
| Indonesia | 2.6% | |
| Poland | 2.1% | |
| Kyrgyzstan | 1.4% | |
| Uzbekistan | 1.4% | |
| Argentina | 1.2% | |
| Venezuela | 1.2% | |
| Nigeria | 0.9% | |
| Philippines | 0.9% | |
| Singapore | 0.7% | |
| Romania | 0.7% | |
| France | 0.5% | |
| Saudi Arabia | 0.5% | |
| Niger | 0.5% | |
| Zambia | 0.5% | |
| Bolivia | 0.5% | |
| Czech Republic | 0.5% | |
| Kenya | 0.2% | |
| United States | 0.2% | |
| Mexico | 0.2% | |
| Germany | 0.2% | |
| Austria | 0.2% | |
| Ghana | 0.2% | |
| Morocco | 0.2% | |
| Rwanda | 0.2% | |
| Ethiopia | 0.2% | |
| Bulgaria | 0.2% | |
| Cuba | 0.2% | |
| Greece | 0.2% |
OS Version:
| Windows 7 | 67.1% | |
| Windows Server 2008 R2 | 12.4% | |
| Windows 10 | 7.9% | |
| Windows Server 2012 R2 | 6.2% | |
| Windows Vista | 2.8% | |
| Windows Server 2012 | 1.7% | |
| Windows 8.1 | 1.7% | |
| Windows 8 | 0.3% |
Analysis
| Subsystem: | Windows CUI |
| PE Type: | pe |
| OS Bitness: | 32 |
| Image Base: | 0x00400000 |
| Entry Address: | 0x00001500 |
PE Sections:
| Name | Size of data | MD5 |
| .text | 1226240 | 0cbe6e4648bdff3055fbadd5092287ec |
| .data | 2048 | b30c61845b2c0c6adbb30d656345a43c |
| .rdata | 82944 | e4d2fcff1abaf149ceb59b643396a9f8 |
| .eh_fram | 145920 | ae6cbfff48fa5965a90c5a45a6843d6e |
| .bss | 0 | 00000000000000000000000000000000 |
| .edata | 1536 | 40052207829683fa93ebe1c4dde6acc2 |
| .idata | 9216 | 112ca0285799d6cb8afbca02928cf25c |
| .CRT | 512 | efb45552e31f267cbf06aa19d9566084 |
| .tls | 512 | c61851aab890bbf876037a151530fc27 |
| .rsrc | 23808 | 113e2e8b7aa8220cbc61be8bbf1f2a8b |
| .reloc | 28160 | db57264f0799c55c3bcb93a0c88e7810 |
More information:
Download GridinSoft
Anti-Malware - Removal tool for dether.exe
