How to remove dether.exe
dether.exe
The module dether.exe has been detected as Trojan.CoinMiner
File Details
| Product Name: | XMRig |
| Company Name: | www.xmrig.com |
| MD5: | 9b8d2acc4033912f51974152a6184133 |
| Size: | 1 MB |
| First Published: | 2018-04-10 12:01:56 (7 years ago) |
| Latest Published: | 2021-01-10 20:33:47 (4 years ago) |
| Status: | Trojan.CoinMiner (on last analysis) | |
| Analysis Date: | 2021-01-10 20:33:47 (4 years ago) |
Common Places:
| %appdata% |
| %appdata%\adobe\x86 |
| %sysdrive%\$recycle.bin |
| %sysdrive%\backup my document\appdata\roaming\adobe\x86 |
| %system%\config\systemprofile\appdata\roaming |
| %system%\config\systemprofile\appdata\roaming\adobe\x86 |
| %desktop% |
| %sysdrive%\$recycle.bin\s-1-5-21-1123861655-3488477190-4101986256-1140\$rgcrb3d\appdata\roaming |
| %sysdrive%\$recycle.bin\s-1-5-21-1123861655-3488477190-4101986256-1140\$rciwnxw\appdata\roaming |
| %appdata% |
File Names:
| NsCpuCNMiner32.exe |
| dether.exe |
| $RAR9U8M.exe |
| $RK9SH37.exe |
| $R7R19S8.exe |
| NsCpuCNMiner32.exe.quarantined |
| dether.exe.quarantined |
| $RFW1EA2.exe |
| $RHLSD4B.exe |
Geography:
| 15.2% | ||
| 12.6% | ||
| 12.3% | ||
| 6.1% | ||
| 5.9% | ||
| 5.4% | ||
| 4.7% | ||
| 3.9% | ||
| 3.2% | ||
| 2.7% | ||
| 2.4% | ||
| 2.0% | ||
| 1.6% | ||
| 1.5% | ||
| 1.5% | ||
| 1.5% | ||
| 1.4% | ||
| 1.3% | ||
| 1.1% | ||
| 1.1% | ||
| 0.9% | ||
| 0.9% | ||
| 0.9% | ||
| 0.8% | ||
| 0.8% | ||
| 0.7% | ||
| 0.6% | ||
| 0.6% | ||
| 0.5% | ||
| 0.5% | ||
| 0.4% | ||
| 0.4% | ||
| 0.4% | ||
| 0.4% | ||
| 0.4% | ||
| 0.3% | ||
| 0.3% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% |
OS Version:
| Windows 7 | 81.2% | |
| Windows Server 2008 R2 | 7.3% | |
| Windows Server 2012 R2 | 4.8% | |
| Windows 10 | 3.1% | |
| Windows 8.1 | 1.9% | |
| Windows Vista | 0.6% | |
| Windows Server 2012 | 0.5% | |
| Windows 8 | 0.4% | |
| Windows Small Business Server 2011 | 0.1% | |
| Windows Storage Server | 0.1% | |
| Windows Embedded 8.1 | 0.1% |
Analysis
| Subsystem: | Windows CUI |
| PE Type: | pe |
| OS Bitness: | 32 |
| Image Base: | 0x00400000 |
| Entry Address: | 0x00001500 |
PE Sections:
| Name | Size of data | MD5 |
| .text | 867840 | e604635a96dce74f981e29f10c6e8206 |
| .data | 512 | ca760add493e644f6efb3993e66e12a5 |
| .rdata | 78336 | 0d69176e2b37bf1723f6c34e2f98de0e |
| .eh_fram | 130048 | 5762dd55ae33607d96d1b1fde8ebdb9d |
| .bss | 0 | 00000000000000000000000000000000 |
| .edata | 1536 | c9ef38a3b3931faac227d0121d3f05eb |
| .idata | 9728 | ebd4e02d08369d1b97c365c474f3dc99 |
| .CRT | 512 | 77d427fd42f60e8e3c67349220429a6b |
| .tls | 512 | 16d323a7d158efef56baabffc0f7226e |
| .rsrc | 23832 | dc0a4bf05c3473fa466ae8985ed1e795 |
| .reloc | 25088 | 2c0c6593a4317472bdc459cc81916119 |
More information:
Download GridinSoft
Anti-Malware - Removal tool for dether.exe
