ServHelper

ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.

xmrig

XMRig is a high performance, open source, cross platform CPU/GPU miner.

Grants admin privileges

Uses net.exe to modify the user's privileges.

Modifies RDP port number used by Windows

Sets DLL path for service in the registry