How to remove wmiapsvr.exe
- File Details
- Overview
- Analysis
wmiapsvr.exe
The module wmiapsvr.exe has been detected as Trojan.CoinMiner
File Details
| Product Name: |
|
| Company Name: |
|
| MD5: |
702c0ba4e79c8b7571393e310bb00325 |
| Size: |
76 KB |
| First Published: |
2017-11-13 13:08:06 (7 years ago) |
| Latest Published: |
2020-11-03 12:45:10 (4 years ago) |
| Status: |
Trojan.CoinMiner (on last analysis) |
|
| Analysis Date: |
2020-11-03 12:45:10 (4 years ago) |
| %windir%\d11cache |
| %system%\wbem |
| %system% |
| %windir% |
| %system% |
| %windir% |
| TeamServers.exe |
| wmiapsvr.exe |
|
33.3% |
|
|
22.2% |
|
|
14.8% |
|
|
11.1% |
|
|
7.4% |
|
|
3.7% |
|
|
3.7% |
|
|
3.7% |
|
| Windows Server 2008 R2 |
33.3% |
|
| Windows Server 2012 R2 |
29.6% |
|
| Windows 7 |
22.2% |
|
| Windows Server 2012 |
11.1% |
|
| Windows Server 2016 |
3.7% |
|
Analysis
| Subsystem: |
Windows CUI |
| PE Type: |
pe |
| OS Bitness: |
32 |
| Image Base: |
0x00400000 |
| Entry Address: |
0x00002d9a |
| Name |
Size of data |
MD5 |
| .text |
49152 |
416e7e4d6c6183b7995e3097f33e7a5a |
| .rdata |
12288 |
5f0290d6616a292c13c9255a72779532 |
| .data |
8192 |
dffe4e4c016110f5edff1ae7b2cf4de3 |
| .rsrc |
4096 |
913e947444165578dfc1663792fd400b |
