asyncrat | SRBMiner-Multi-2-2-5-win64[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

SRBMiner-Multi-2-2-5-win64.zip
Size

36.9MB
MD5

1c424e1e41a660ac74e40bcc3e4815c3
SHA1

97e8b3fec28afef84fee3b300fbef3a82f294d80
SHA256

3e4621c832e4d59edc849a605ce13ac346cdcbce1a3306468a9b3e6e3dfa77ba
SHA512

ab59ee60558632a2424d5865f766398e8be58791a7895e5b0bc145da7871eec6e5adbc06106db5d016dc5abba6e68dcff45f2894a77e022240204241f9918e6d
SSDEEP

786432:hbpkAMvFInVd+RYKwF2NHvApK6GLB/m4OeKk5rE7C1ZJXKeBiX2Nepv/iHzZ:hbpkAMWnzKRdvXJL1m4jT9p1vSaHzZ

Score

10^/10

rat asyncrat

Malware Config

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/SRBMiner-Multi-2-2-5/SRBMiner-MULTI.exe	asyncrat

Asyncrat family
asyncrat

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SRBMiner-Multi-2-2-5/Devcon/devcon.exe
unpack001/SRBMiner-Multi-2-2-5/SRBMULTI-Restarter/SRBMULTI-Restarter.exe
unpack001/SRBMiner-Multi-2-2-5/SRBMiner-MULTI.exe

Files

SRBMiner-Multi-2-2-5-win64.zip
.zip
SRBMiner-Multi-2-2-5/Devcon/devcon.exe
.exe windows x64

68d7a4b13b38a420769678c927abc196

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegQueryValueExW
InitiateSystemShutdownExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
OpenServiceW
RegDeleteValueW
RegSetValueExW
OpenSCManagerW
CloseServiceHandle

kernel32

GetCurrentProcess
FormatMessageW
GetLastError
CloseHandle
LocalFree
FileTimeToSystemTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetDateFormatW
FindFirstFileW
GetFullPathNameW
FindNextFileW
FindClose
GetFileAttributesW
GetWindowsDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep

msvcrt

?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
memset
__iob_func
_initterm
_XcptFilter
free
_callnewh
malloc
wprintf
towupper
wcsrchr
_wcsnicmp
fputs
wcschr
iswalpha
fputws
_wcsicmp
towlower

ole32

CLSIDFromString

setupapi

SetupDiClassNameFromGuidExW
SetupCopyOEMInfW
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
CM_Connect_MachineW
SetupDiSetClassInstallParamsW
CM_Locate_DevNode_ExW
CM_Disconnect_Machine
CM_Reenumerate_DevNode_Ex
SetupDiSetDeviceRegistryPropertyW
SetupDiBuildClassInfoListExW
SetupDiCreateDeviceInfoW
SetupDiGetDriverInstallParamsW
SetupDiOpenClassRegKeyExW
CM_Free_Log_Conf_Handle
SetupFindFirstLineW
SetupDiSetDeviceInstallParamsW
CM_Free_Res_Des_Handle
SetupOpenInfFileW
SetupDiDestroyDeviceInfoList
SetupDiClassGuidsFromNameExW
CM_Get_Device_ID_ExW
SetupDiGetClassDevsExW
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoListExW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
SetupScanFileQueueW
SetupDiGetClassDescriptionExW
SetupOpenFileQueue
CM_Get_Next_Res_Des_Ex
CM_Get_DevNode_Status_Ex
SetupCloseInfFile
CM_Get_Res_Des_Data_Ex
SetupDiOpenDevRegKey
SetupDiDestroyDriverInfoList
SetupCloseFileQueue
SetupDiGetDeviceInstallParamsW
SetupDiEnumDriverInfoW
SetupDiSetSelectedDriverW
CM_Get_First_Log_Conf_Ex
SetupDiGetDriverInfoDetailW
CM_Get_Res_Des_Data_Size_Ex
SetupDiBuildDriverInfoList
SetupGetStringFieldW
SetupDiCallClassInstaller

user32

CharPrevW
CharNextW
LoadStringW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SRBMiner-Multi-2-2-5/Help/Amd_Tdr_Fix/tdr_fix.reg
SRBMiner-Multi-2-2-5/Help/Gpu_Manual_Tuning.txt
SRBMiner-Multi-2-2-5/Help/Gpu_Tweaking_And_Boost.txt
SRBMiner-Multi-2-2-5/Help/Other/Enable-Huge-Pages-Windows.txt
SRBMiner-Multi-2-2-5/Help/Parameters.txt
SRBMiner-Multi-2-2-5/ReadMe.txt
SRBMiner-Multi-2-2-5/SRBMULTI-Restarter/Readme.txt
SRBMiner-Multi-2-2-5/SRBMULTI-Restarter/SRB-Restart-example.bat
SRBMiner-Multi-2-2-5/SRBMULTI-Restarter/SRBMULTI-Restarter.exe
.exe windows x64

bbc43e4e26787b3298cc5913f2f10a08

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GetTickCount64
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
K32EnumProcessModules
K32EnumProcesses
K32GetModuleBaseNameA
LeaveCriticalSection
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_fmode
_initterm
_localtime64
_lock
_onexit
_setjmp
_sleep
_stat64
_strdup
_time64
_ultoa
_unlock
_write
abort
calloc
exit
fflush
fopen
fprintf
fputc
fputs
free
fwrite
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
realloc
signal
sprintf
strcmp
strerror
strftime
strlen
strncmp
strtol
system
vfprintf
wcslen

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SRBMiner-Multi-2-2-5/SRBMiner-MULTI.exe
.exe windows x86

9222d372923baed7aa9dfa28449a94ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
FindResourceA
FreeLibrary
LoadResource
WriteFile
SizeofResource
GetProcAddress
LoadLibraryA
LockResource
EnumResourceNamesA
CloseHandle
FreeResource
GetWindowsDirectoryA
OutputDebugStringA
GetTempPathA
GetModuleHandleW
ExitProcess
DecodePointer
EncodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetLastError
HeapFree
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
GetModuleFileNameW
Sleep
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW

shell32

ShellExecuteA
SHGetSpecialFolderPathA

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36.9MB - Virtual size: 36.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SRBMiner-Multi-2-2-5/WinIo64.sys
.exe windows x64

85f86c7c8ce81a78e84efa545d7edc65

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:30:7a:27:87:2d
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

10/06/2011, 14:37

Not After

10/06/2012, 13:56

Subject

CN=Jernej Simoncic,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:93:e3:7a:72:a1:3d:ac:1c:4c:0b:c1:da:6b:df:b8:ba:8d:9c:b3
Signer

Actual PE Digest

8e:93:e3:7a:72:a1:3d:ac:1c:4c:0b:c1:da:6b:df:b8:ba:8d:9c:b3

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Jernej Simoncic,C=SI

10/06/2011, 15:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlInitUnicodeString
IoDeleteDevice
ZwUnmapViewOfSection
ZwClose
IofCompleteRequest
ObReferenceObjectByHandle
ZwMapViewOfSection
ObfDereferenceObject
IoCreateDevice
RtlAssert
ZwOpenSection
DbgPrint
KeBugCheckEx
IoCreateSymbolicLink
IoDeleteSymbolicLink

hal

HalTranslateBusAddress

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 678B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SRBMiner-Multi-2-2-5/WinRing0x64.sys
.exe windows x64

d41fa95d4642dc981f10de36f4dc8cd7

Code Sign

01:00:00:00:00:01:15:37:24:21:a8
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

24/09/2007, 10:50

Not After

24/09/2008, 10:50

Subject

CN=Noriyuki MIYAZAKI,C=JP,1.2.840.113549.1.9.1=#0c196869796f6869796f406372797374616c6d61726b2e696e666f

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05/02/2007, 09:00

Not After

27/01/2014, 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:68:21:a3:91:74:d2:9f:6f:87:91:cf:9f:44:f1:a1:f3:43:9d:da
Signer

Actual PE Digest

26:68:21:a3:91:74:d2:9f:6f:87:91:cf:9f:44:f1:a1:f3:43:9d:da

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Noriyuki MIYAZAKI,C=JP,1.2.840.113549.1.9.1=#0c196869796f6869796f406372797374616c6d61726b2e696e666f

26/07/2008, 13:30
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
IoCreateDevice
MmMapIoSpace
KeBugCheckEx
IoCreateSymbolicLink
MmUnmapIoSpace
IofCompleteRequest
__C_specific_handler

hal

HalSetBusDataByOffset
HalGetBusDataByOffset

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SRBMiner-Multi-2-2-5/guided-setup.bat
SRBMiner-Multi-2-2-5/help.bat
SRBMiner-Multi-2-2-5/list-algorithms.bat
SRBMiner-Multi-2-2-5/list-gpu-devices.bat
SRBMiner-Multi-2-2-5/start-mining-alephium.bat
SRBMiner-Multi-2-2-5/start-mining-alterdot.bat
SRBMiner-Multi-2-2-5/start-mining-avian.bat
SRBMiner-Multi-2-2-5/start-mining-bamboo.bat
SRBMiner-Multi-2-2-5/start-mining-conceal.bat
SRBMiner-Multi-2-2-5/start-mining-dagger.bat
SRBMiner-Multi-2-2-5/start-mining-dynamo.bat
SRBMiner-Multi-2-2-5/start-mining-dynex.bat
SRBMiner-Multi-2-2-5/start-mining-epiccash-and-alephium.bat
SRBMiner-Multi-2-2-5/start-mining-epiccash-and-ergo.bat
SRBMiner-Multi-2-2-5/start-mining-epiccash-and-ethereumPOW.bat
SRBMiner-Multi-2-2-5/start-mining-epiccash-and-monero.bat
SRBMiner-Multi-2-2-5/start-mining-ergo-and-alephium.bat
SRBMiner-Multi-2-2-5/start-mining-ergo-and-kaspa.bat
SRBMiner-Multi-2-2-5/start-mining-ergo-and-novo.bat
SRBMiner-Multi-2-2-5/start-mining-ergo-and-obtc.bat
SRBMiner-Multi-2-2-5/start-mining-ergo-and-radiant.bat
SRBMiner-Multi-2-2-5/start-mining-ergo.bat
SRBMiner-Multi-2-2-5/start-mining-etc-and-alephium.bat
SRBMiner-Multi-2-2-5/start-mining-etc-and-kaspa.bat
SRBMiner-Multi-2-2-5/start-mining-etc-and-novo.bat
SRBMiner-Multi-2-2-5/start-mining-etc-and-obtc.bat
SRBMiner-Multi-2-2-5/start-mining-etc-and-radiant.bat
SRBMiner-Multi-2-2-5/start-mining-etc.bat
SRBMiner-Multi-2-2-5/start-mining-ethereumPOW-and-alephium.bat
SRBMiner-Multi-2-2-5/start-mining-ethereumPOW-and-kaspa.bat
SRBMiner-Multi-2-2-5/start-mining-ethereumPOW-and-novo.bat
SRBMiner-Multi-2-2-5/start-mining-ethereumPOW-and-obtc.bat
SRBMiner-Multi-2-2-5/start-mining-ethereumPOW-and-radiant.bat
SRBMiner-Multi-2-2-5/start-mining-ethereumPOW.bat
SRBMiner-Multi-2-2-5/start-mining-evrmore.bat
SRBMiner-Multi-2-2-5/start-mining-firo.bat
SRBMiner-Multi-2-2-5/start-mining-graft.bat
SRBMiner-Multi-2-2-5/start-mining-gspcoin.bat
SRBMiner-Multi-2-2-5/start-mining-haven.bat
SRBMiner-Multi-2-2-5/start-mining-ironfish.bat
SRBMiner-Multi-2-2-5/start-mining-kaspa.bat
SRBMiner-Multi-2-2-5/start-mining-kyla.bat
SRBMiner-Multi-2-2-5/start-mining-magpiecoin.bat
SRBMiner-Multi-2-2-5/start-mining-microbitcoin.bat
SRBMiner-Multi-2-2-5/start-mining-mintme.bat
SRBMiner-Multi-2-2-5/start-mining-monero.bat
SRBMiner-Multi-2-2-5/start-mining-novo.bat
SRBMiner-Multi-2-2-5/start-mining-obtc.bat
SRBMiner-Multi-2-2-5/start-mining-pascalcoin.bat
SRBMiner-Multi-2-2-5/start-mining-pulsar.bat
SRBMiner-Multi-2-2-5/start-mining-radiant.bat
SRBMiner-Multi-2-2-5/start-mining-raptoreum.bat
SRBMiner-Multi-2-2-5/start-mining-raven.bat
SRBMiner-Multi-2-2-5/start-mining-super-zero.bat
SRBMiner-Multi-2-2-5/start-mining-turtlecoin.bat
SRBMiner-Multi-2-2-5/start-mining-ubiq.bat
SRBMiner-Multi-2-2-5/start-mining-veriblock.bat
SRBMiner-Multi-2-2-5/start-mining-vertcoin.bat
SRBMiner-Multi-2-2-5/start-mining-veruscoin.bat
SRBMiner-Multi-2-2-5/start-mining-vkax.bat
SRBMiner-Multi-2-2-5/start-mining-yadacoin.bat
SRBMiner-Multi-2-2-5/start-mining-yespowertide.bat
SRBMiner-Multi-2-2-5/start-mining-zano.bat
SRBMiner-Multi-2-2-5/start-mining-zil-epic-kaspa.bat
SRBMiner-Multi-2-2-5/start-mining-zil-ergo-novo.bat
SRBMiner-Multi-2-2-5/start-mining-zil-ergo.bat
SRBMiner-Multi-2-2-5/start-mining-zil-ethereumPOW.bat

Sharing

General

Malware Config

Signatures

Files

68d7a4b13b38a420769678c927abc196

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ole32

setupapi

user32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 924B

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 512B - Virtual size: 144B

bbc43e4e26787b3298cc5913f2f10a08

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 139KB - Virtual size: 138KB

.data Size: 1024B - Virtual size: 608B

.rdata Size: 20KB - Virtual size: 19KB

.pdata Size: 11KB - Virtual size: 11KB

.xdata Size: 10KB - Virtual size: 9KB

.bss Size: - Virtual size: 5KB

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

9222d372923baed7aa9dfa28449a94ea

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 36.9MB - Virtual size: 36.9MB

.reloc Size: 5KB - Virtual size: 4KB

85f86c7c8ce81a78e84efa545d7edc65

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:30:7a:27:87:2dCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:23:9e:0f:af:24Certificate

Extended Key Usages

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

8e:93:e3:7a:72:a1:3d:ac:1c:4c:0b:c1:da:6b:df:b8:ba:8d:9c:b3Signer

Signature Validations

Verification

10/06/2011, 15:00 Valid: false

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 924B

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 512B - Virtual size: 144B

.text
Size: 139KB - Virtual size: 138KB

.data
Size: 1024B - Virtual size: 608B

.rdata
Size: 20KB - Virtual size: 19KB

.pdata
Size: 11KB - Virtual size: 11KB

.xdata
Size: 10KB - Virtual size: 9KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 36.9MB - Virtual size: 36.9MB

.reloc
Size: 5KB - Virtual size: 4KB

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:30:7a:27:87:2d
Certificate

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

8e:93:e3:7a:72:a1:3d:ac:1c:4c:0b:c1:da:6b:df:b8:ba:8d:9c:b3
Signer

10/06/2011, 15:00
Valid: false

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 512B - Virtual size: 332B

.data
Size: 512B - Virtual size: 272B

.pdata
Size: 512B - Virtual size: 84B

INIT
Size: 1024B - Virtual size: 678B

01:00:00:00:00:01:15:37:24:21:a8
Certificate

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:10:92:eb:82:95
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

26:68:21:a3:91:74:d2:9f:6f:87:91:cf:9f:44:f1:a1:f3:43:9d:da
Signer

26/07/2008, 13:30
Valid: false

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 380B

.data
Size: 512B - Virtual size: 276B

.pdata
Size: 512B - Virtual size: 96B

INIT
Size: 1024B - Virtual size: 546B

.rsrc
Size: 1024B - Virtual size: 960B