File name:

cpuminer.exe

Full analysis: https://app.any.run/tasks/f794761d-5d10-453e-ac92-2f56a017f007
Verdict: Malicious activity
Threats:

Crypto mining malware is a resource-intensive threat that infiltrates computers with the purpose of mining cryptocurrencies. This type of threat can be deployed either on an infected machine or a compromised website. In both cases the miner will utilize the computing power of the device and its network bandwidth.

Malware Trends Tracker     >>>
Analysis date: June 21, 2025, 01:47:01
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto
coinminer
miner
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (console) x86-64, for MS Windows, 3 sections
MD5:

6ED9442536C98550328A1602A3504034

SHA1:

17836C8F564758463560338C9EC6C108F123E610

SHA256:

A462535352A73FBEF581E21F54C3E5315003673918B71293E1C20457F9C77E47

SSDEEP:

98304:q0MZ8eu5Fy7+/9EaXakMDPHvTYJiWkhPBUONrsasC3YFmk:36

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • COINMINER has been found (auto)

      • cpuminer.exe (PID: 320)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Checks supported languages

      • cpuminer.exe (PID: 320)
      • cpuminer.exe (PID: 6228)

    • The sample compiled with english language support

      • cpuminer.exe (PID: 320)

    • Manual execution by a user

      • cpuminer.exe (PID: 6228)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (47)
.exe | UPX compressed Win32 Executable (46.1)
.exe | Generic Win/DOS Executable (3.4)
.exe | DOS Executable Generic (3.4)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2016:02:10 08:30:23+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 12
CodeSize: 3117056
InitializedDataSize: 20480
UninitializedDataSize: 3735552
EntryPoint: 0x489820
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows command line
FileVersionNumber: 1.2.0.0
ProductVersionNumber: 1.2.0.0
FileFlagsMask: 0x003f
FileFlags: Special build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
FileVersion: 1.2
LegalCopyright: Copyright (C) 2015
ProductName: cpuminer-multi
ProductVersion: 1.2
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
139
Monitored processes
4
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start cpuminer.exe no specs conhost.exe no specs cpuminer.exe conhost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
320"C:\Users\admin\Desktop\cpuminer.exe" C:\Users\admin\Desktop\cpuminer.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Version:
1.2
Modules
Images
c:\users\admin\desktop\cpuminer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
5928\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execpuminer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
6228"C:\Users\admin\Desktop\cpuminer.exe" C:\Users\admin\Desktop\cpuminer.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
1
Version:
1.2
Modules
Images
c:\users\admin\desktop\cpuminer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
6892\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execpuminer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
192
Read events
192
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
17
DNS requests
11
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
184.25.54.100:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1268
svchost.exe
GET
200
184.25.50.8:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1100
SIHClient.exe
GET
200
184.25.54.100:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1100
SIHClient.exe
GET
200
184.25.54.100:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5896
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
1268
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
184.25.50.8:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
184.25.54.100:80
www.microsoft.com
Telgua
SV
whitelisted
5944
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1100
SIHClient.exe
172.202.163.200:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
GB
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 172.217.18.14
whitelisted
crl.microsoft.com
  • 184.25.50.8
  • 184.25.50.10
whitelisted
www.microsoft.com
  • 184.25.54.100
whitelisted
slscr.update.microsoft.com
  • 172.202.163.200
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
cpuminer.exe