How to remove kryptex4.exe
- File Details
- Overview
- Analysis
kryptex4.exe
The module kryptex4.exe has been detected as Trojan.CoinMiner
File Details
MD5: |
e685219f5704bd854d5ed6668b0e9146 |
Size: |
2 MB |
First Published: |
2017-05-21 13:07:51 (6 years ago) |
Latest Published: |
2020-12-25 13:10:01 (3 years ago) |
Status: |
Trojan.CoinMiner (on last analysis) |
|
Analysis Date: |
2020-12-25 13:10:01 (3 years ago) |
%windir%\fonts |
%appdata%\kryptex\kryptex4 |
%windir%\dell |
%windir%\winsxslog |
%windir%\winsxslog.rar\winsxslog |
%windir%\tasks |
%sysdrive%\windows |
%sysdrive%\system volume information\systemrestore\frstaging\users\adnin1\appdata\roaming\kryptex\kryptex4 |
%appdata%\claymore cryptonote cpu miner v3.5 beta - pool |
%temp%\3537.tmp.zip\claymore cryptonote cpu miner v3.5 beta - pool |
LMS.exe |
kryptex4.exe |
Update64.exe |
SystemIISSec.exe |
svchost.exe |
NsCpuCNMiner64.exe |
csrss.exe |
NsCpuCNMiner.exe |
acnom.exe |
csrs.exe |
conhosts.exe |
wup.exe |
csrss[1].exe |
winlogon.exe |
csrss.exe.quarantined |
WUDFHost.exe |
$RT05L8H.exe |
qc64.exe |
$RW6BHD2.exe |
CMiner.exe |
svc.exe |
see64.exe |
WUDFHost.exe.q_Quarantine_CB39827_q |
HostManager.exe |
smss.exe |
serviceHost.exe |
WindowsLocal.exe |
$RG1VXTS.exe |
srvan64.exe |
mdx.exe |
n11.exe |
n113.exe |
A0060589.exe |
A0040401.exe |
A0040381.exe |
A0060509.exe |
CPU_64.exe |
SystemF0D7.exe |
taskhost_32.exe |
ccexplorer.exe |
php5.exe |
cpu.exe |
EDMiner.exe |
Csrsz.exe |
System32.exe |
Update_Windows.exe |
qc64.exe.quarantined |
winRARI.exe |
RuntimeBroker.exe |
update.exe |
System64.exe |
msqservice.exe |
NSCPUCNMINER64.EXE |
taskmgr.exe |
msdc.exe |
Fiddlere.exe |
java.exe |
Minings.exe |
64.exe |
aspnet_state.exe |
conhoste.exe |
dether.exe |
sys64.exe |
msminer67.exe |
cpu_64.exe |
|
19.2% |
|
|
11.4% |
|
|
10.2% |
|
|
9.7% |
|
|
8.0% |
|
|
7.2% |
|
|
5.9% |
|
|
3.0% |
|
|
2.7% |
|
|
2.3% |
|
|
2.0% |
|
|
1.4% |
|
|
1.0% |
|
|
1.0% |
|
|
1.0% |
|
|
0.8% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.5% |
|
|
0.5% |
|
|
0.5% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
Windows 7 |
45.4% |
|
Windows 10 |
22.3% |
|
Windows Server 2008 R2 |
8.9% |
|
Windows 8.1 |
7.9% |
|
Windows XP |
4.4% |
|
Windows Server 2012 |
4.2% |
|
Windows Server 2012 R2 |
3.0% |
|
Windows 8 |
1.4% |
|
Windows Web Server 2008 R2 |
1.4% |
|
Windows Server 2016 |
0.8% |
|
Windows Server 2003 |
0.1% |
|
Windows Embedded Standard |
0.1% |
|
Windows Vista |
0.1% |
|
Analysis
Subsystem: |
Windows CUI |
PE Type: |
pe |
OS Bitness: |
64 |
Image Base: |
0x0000000140000000 |
Entry Address: |
0x00595705 |
Name |
Size of data |
MD5 |
.text |
0 |
00000000000000000000000000000000 |
.rdata |
0 |
00000000000000000000000000000000 |
.data |
0 |
00000000000000000000000000000000 |
.pdata |
0 |
00000000000000000000000000000000 |
.tls |
512 |
bf619eac0cdf3f68d496ea9344137e8b |
.vmp0 |
0 |
00000000000000000000000000000000 |
.vmp1 |
2591744 |
1bf9de41767e43e1fa3870fb4481d4ea |
.reloc |
512 |
b3c6b197b479fbffcb3085c61ff88ca4 |
.rsrc |
1024 |
c4dca5f4fff0de08fa2dc903604ca303 |