How to remove dether.exe
The module dether.exe has been detected as Trojan.CoinMiner
File Details
| Product Name: | XMRig |
| Company Name: | www.xmrig.com |
| MD5: | 3587409a3bbf53be5808dd5fccdbabe1 |
| Size: | 943 KB |
| First Published: | 2018-04-10 12:01:56 (7 years ago) |
| Latest Published: | 2021-01-10 20:34:14 (4 years ago) |
| Status: | Trojan.CoinMiner (on last analysis) |
| Analysis Date: | 2021-01-10 20:34:14 (4 years ago) |
Common Places:
| %appdata% |
| %appdata%\adobe |
| %sysdrive%\$recycle.bin |
| %appdata%\x86 |
| %sysdrive%\backup my document\appdata\roaming\adobe |
| %system%\config\systemprofile\appdata\roaming |
| %system%\config\systemprofile\appdata\roaming\adobe |
| %sysdrive%\adobe |
| %desktop% |
| %sysdrive%\$recycle.bin\s-1-5-21-1123861655-3488477190-4101986256-1140\$rgcrb3d\appdata\roaming |
File Names:
| NsCpuCNMiner64.exe |
| dether.exe |
| $RAGW357.exe |
| $RY0RPZW.exe |
| NsCpuCNMiner64.exe.quarantined |
| data[1].dat |
| $RIQB81S.exe |
| NsCpuCNMiner64.exe.vir |
| $RIICWVF.exe |
| $RZ5MU2K.exe |
OS Version:
| Windows 7 | 72.5% |
| Windows Server 2008 R2 | 12.7% |
| Windows Server 2012 R2 | 7.5% |
| Windows 10 | 3.2% |
| Windows 8.1 | 2.2% |
| Windows Server 2012 | 0.8% |
| Windows 8 | 0.5% |
| Windows Vista | 0.5% |
| Windows Small Business Server 2011 | 0.1% |
| Windows Storage Server | 0.1% |
| Windows Embedded 8.1 | 0.1% |
Analysis
| Subsystem: | Windows CUI |
| PE Type: | pe |
| OS Bitness: | 64 |
| Image Base: | 0x0000000000400000 |
| Entry Address: | 0x000014e0 |
PE Sections:
| Name | Size of data | MD5 |
| .text | 788480 | 2c1c7bc3b4dce9f6b69ae5a81d9490e7 |
| .data | 1024 | 0f3a03150879bf4df5b81f02b3127136 |
| .rdata | 85504 | 4fff895ec597fc29b168a0a46b024524 |
| .pdata | 25088 | 40b57b0a008808613d1b8b5459237909 |
| .xdata | 23552 | 28ae2277206421baa59bb6990206b749 |
| .bss | 0 | 00000000000000000000000000000000 |
| .edata | 1536 | ea9a25e149a2d2a43e89bbd0f24544ac |
| .idata | 12288 | 7f7268473913e2b935a0afefb8b8a5ee |
| .CRT | 512 | a8d9952d50dac07d39d8f2db38341220 |
| .tls | 512 | bf619eac0cdf3f68d496ea9344137e8b |
| .rsrc | 23832 | 356b17ac658fc48e7e6736064209ad54 |
| .reloc | 2560 | 81533db330fc59a2318d6eae25010fba |