How to remove spolsv.exe
spolsv.exe
The module spolsv.exe has been detected as Trojan.CoinMiner
File Details
| Product Name: | NSSM 64-bit |
| Company Name: | Iain Patterson |
| MD5: | 1136efb1a46d1f2d508162387f30dc4d |
| Size: | 360 KB |
| First Published: | 2017-12-26 05:11:56 (7 years ago) |
| Latest Published: | 2021-11-16 21:53:24 (3 years ago) |
| Status: | Trojan.CoinMiner (on last analysis) | |
| Analysis Date: | 2021-11-16 21:53:24 (3 years ago) |
Common Places:
| %windir% |
| %sysdrive%\nssm |
| %sysdrive%\couchdb |
| %sysdrive%\python27\lib\site-packages\rekall_core-1.7.2rc1-py2.7.egg |
| %sysdrive%\tools\rekall |
| %sysdrive%\tools\rekall-master\rekall-core |
| %commonappdata% |
| %sysdrive%\tcpu69\programm |
| %sysdrive%\eloproffession\servers\elo-analytics |
| %profile% |
File Names:
| taskhost.exe |
| spolsv.exe |
| nssm.exe |
| svchost.exe |
| svchosts.exe |
| nssm64.exe |
| systransport.exe |
| $R57R4QW.exe |
Geography:
| Russia | 14.6% | |
| Ukraine | 10.1% | |
| United States | 7.3% | |
| Brazil | 6.7% | |
| China | 6.2% | |
| Spain | 3.9% | |
| Portugal | 3.9% | |
| United Kingdom | 3.9% | |
| Vietnam | 3.4% | |
| Algeria | 3.4% | |
| Taiwan | 3.4% | |
| Turkey | 2.8% | |
| Germany | 2.8% | |
| Thailand | 2.2% | |
| Iran | 2.2% | |
| Seychelles | 1.7% | |
| India | 1.7% | |
| Netherlands | 1.7% | |
| Kuwait | 1.7% | |
| Saudi Arabia | 1.7% | |
| Romania | 1.1% | |
| South Korea | 1.1% | |
| Puerto Rico | 1.1% | |
| Belarus | 1.1% | |
| France | 1.1% | |
| Belgium | 1.1% | |
| Japan | 1.1% | |
| Bolivia | 1.1% | |
| Poland | 1.1% | |
| Australia | 0.6% | |
| Tanzania | 0.6% | |
| Malaysia | 0.6% | |
| Moldova | 0.6% | |
| Italy | 0.6% | |
| Norway | 0.6% | |
| Mexico | 0.6% | |
| Indonesia | 0.6% |
OS Version:
| Windows 10 | 58.3% | |
| Windows 7 | 18.3% | |
| Windows Server 2012 R2 | 11.1% | |
| Windows Server 2008 R2 | 6.1% | |
| Windows 8.1 | 5.0% | |
| Windows Server 2012 | 0.6% | |
| Windows XP | 0.6% |
Analysis
| Subsystem: | Windows CUI |
| PE Type: | pe |
| OS Bitness: | 64 |
| Image Base: | 0x0000000140000000 |
| Entry Address: | 0x00019fdc |
PE Sections:
| Name | Size of data | MD5 |
| .text | 148480 | f5f9c8cb128218417203459ccb9b222d |
| .rdata | 37888 | 1c9e327397522d95d3817f087bb809f2 |
| .data | 8704 | f09e801d43fcb7bf7953c90d1a225fb2 |
| .pdata | 9216 | c2821e1ad05058aec1df32f5b2da376f |
| .rsrc | 163328 | fdcd8c3db22223d7d54f2c66a88e6cd0 |
More information:
Download GridinSoft
Anti-Malware - Removal tool for spolsv.exe
