CryptoMiner[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

CryptoMiner.exe
Size

1.5MB
MD5

310eb5bd45ac9c5767d28e63ab64635b
SHA1

4ac0d40abb71e9fcff34c8f67511fc590f495f3e
SHA256

d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6
SHA512

c2b0c3e890bb92f527960230c97c9c75ce50a2b9c4186c1dea87f7e55892702ac82805e5a038b8d32614790357c3ad113afe63e7f77cc99866801f4fdbac5e97
SSDEEP

24576:07L4j8tb74F0xt7ruJV/QujUOycEvgyJrDybsxXX+ZVGNVooHI9s5KCfj2:07L4jIIct7w/QujMvOgUwLoKIG2

Score

N/A

Malware Config

Signatures

Files

CryptoMiner.exe
.exe windows x86

efad26290bf4d1a676b7ad79139e8cdb

Code Sign

01:ca:3a:6d:bd:89:e3:ba:09:a6:98:32:60:fe:8f:96
Certificate

Issuer

CN=Certum Domain Validation CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

28-09-2021 15:03

Not After

28-10-2022 15:03

Subject

CN=*.elo.com

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fc:9c:bf:3e:2a:57:3b:1d:02:a5:4a:7c:1d:74:04:9c:11:bb:2a:99:67:cd:1f:96:60:0e:93:32:66:ac:56:33
Signer

Actual PE Digest

fc:9c:bf:3e:2a:57:3b:1d:02:a5:4a:7c:1d:74:04:9c:11:bb:2a:99:67:cd:1f:96:60:0e:93:32:66:ac:56:33

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=*.elo.com

04-05-2022 18:22
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GenerateConsoleCtrlEvent
GlobalAlloc
LoadLibraryW
FreeConsole
GetAtomNameW
GetACP
MultiByteToWideChar
GetLastError
GetProcAddress
OutputDebugStringW
GetCurrentProcessId
AddConsoleAliasA
GlobalReAlloc
SetEndOfFile
CreateFileW
CreateFileA
WriteConsoleW
AllocConsole
SetConsoleTitleW
GetConsoleAliasExesA
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapFree
WideCharToMultiByte
LCMapStringW
GetCPInfo
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
CloseHandle
GetModuleHandleW
ExitProcess
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetLocaleInfoW
HeapSize
FlushFileBuffers
ReadFile
SetFilePointer
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapReAlloc
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetProcessHeap

user32

OffsetRect
MessageBoxA
IsRectEmpty
InvertRect

gdi32

ResizePalette
SaveDC

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

efad26290bf4d1a676b7ad79139e8cdb

Code Sign

01:ca:3a:6d:bd:89:e3:ba:09:a6:98:32:60:fe:8f:96Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

fc:9c:bf:3e:2a:57:3b:1d:02:a5:4a:7c:1d:74:04:9c:11:bb:2a:99:67:cd:1f:96:60:0e:93:32:66:ac:56:33Signer

Signature Validations

Verification

04-05-2022 18:22 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 6KB - Virtual size: 14KB

.reloc Size: 11KB - Virtual size: 11KB

.rsrc Size: 369KB - Virtual size: 368KB

01:ca:3a:6d:bd:89:e3:ba:09:a6:98:32:60:fe:8f:96
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

fc:9c:bf:3e:2a:57:3b:1d:02:a5:4a:7c:1d:74:04:9c:11:bb:2a:99:67:cd:1f:96:60:0e:93:32:66:ac:56:33
Signer

04-05-2022 18:22
Valid: false

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 6KB - Virtual size: 14KB

.reloc
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 369KB - Virtual size: 368KB