How to remove gw64-core2.exe
gw64-core2.exe
The module gw64-core2.exe has been detected as Trojan.CoinMiner
File Details
MD5: d2a4d1247752fb186841ff4c2985341b
Size: 1 MB
First Published: 2017-05-21 04:03:18 (7 years ago)
Latest Published: 2021-01-07 05:24:41 (4 years ago)
Status: Trojan.CoinMiner (on last analysis)
Analysis Date: 2021-01-07 05:24:41 (4 years ago)
%localappdata%\microsoft\windows\temporary internet files\content.ie5\63wktr3i
%appdata%\isminer
%localappdata%\microsoft\windows\inetcache\ie\s2yyy9sc
%localappdata%\microsoft\windows\inetcache\ie\xps6legv
%localappdata%\microsoft\windows\inetcache\ie\6t9omhvx
%localappdata%\microsoft\windows\inetcache\ie\vap0wrij
%localappdata%\microsoft\windows\inetcache\ie\y5ul59vj
%sysdrive%\quarantine_mzk\folders\201705094531730\isminer. 4.54.34.10
%localappdata%\microsoft\windows\inetcache\ie\vb0ws7fi
%sysdrive%\adwcleaner\quarantine\files\zortwmaugpgymabifiufgtqifpygsshg

gw64-core2[1].exe
gw64-core2.exe
cpuminer-gw64-core2.exe
gw64-core2.exe.quarantined
$REO1XMY.exe
sprotect-core2.exe
$RK8KNZO.exe
$RB77PDV.exe
webproxy.exe
Core2.exe
_iocache_.dat
wmipvrse.exe
core2.exe
Windows 10: 50.6%
Windows 7: 36.9%
Windows 8.1: 10.1%
Windows 8: 1.4%
Windows XP: 0.4%
Windows Embedded 8.1: 0.3%
Windows Server 2008 R2: 0.1%
Windows Vista: 0.1%
Analysis
Subsystem: Windows CUI
PE Type: pe
OS Bitness: 64
Image Base: 0x0000000000400000
Entry Address: 0x003ab4b0

Name | Size of data | MD5
UPX0 | 0 | 00000000000000000000000000000000
UPX1 | 1427456 | 7e8c35e821c22cb4f9d867c1f511e4fc
.rsrc | 31232 | 1b881030ca6fdfdba4da16e7b5bef9d0