448dc2f8c97623817146281ed8bf04ff

Sharing

Copy URL Twitter E-mail

General

Target

448dc2f8c97623817146281ed8bf04ff
Size

14.7MB
MD5

448dc2f8c97623817146281ed8bf04ff
SHA1

22e30b6614d4c2e1baa743989b652cef335b4eb0
SHA256

ef3371d42bd0f371f9c4e6d6b266884bfc0e2ee398e265dc78e4ebf4292a72aa
SHA512

dcf32b635bb113ddb25bf99e49bc3942eef6ac263e2322028375eef4df8808d2c866fd6b217c6337308a15ce8d83ac70243ce6183170bbd73b2bb02bca843987
SSDEEP

393216:IY0i1s0aMrN2tKswJ9Q6ZH5DOF8e3vjGZJ+fLc:IY0i18qN2MJ/ZZLujGJac

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bminer-lite-v16.2.8-656aabf/bminer.exe

Files

448dc2f8c97623817146281ed8bf04ff
.zip
bminer-lite-v16.2.8-656aabf/LICENSE.txt
bminer-lite-v16.2.8-656aabf/README.txt
bminer-lite-v16.2.8-656aabf/bminer.exe
.exe windows:6 windows x64 arch:x64

41fd46add62beff2346b046c0f9668e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSAAddressToStringW

kernel32

GetVersionExW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ntdll

NtSetTimerResolution

mswsock

AcceptEx

cfgmgr32

CM_Get_Child

bcrypt

BCryptGenRandom

advapi32

CloseServiceHandle

vcruntime140

_CxxThrowException

api-ms-win-crt-time-l1-1-0

_Getdays

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

__p___argc

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-string-l1-1-0

__strncnt

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-environment-l1-1-0

getenv_s

api-ms-win-crt-utility-l1-1-0

qsort

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

NvOptimusEnablementCuda
�bR��7:\9L�n��8e�s�~{2��ƶ��,/�� G�\�dJh0C�� !50��<��^@to��p�^ڪ��C�� !�ãKנ�� ǳ��c��c8.CL�U�G��性:xqq\�Bj}�YԙE�E��6X��|�S�L��` !��U�q9�[&ZQ��d�k��R 3��x��ƨs�ʱ�Bb6-Vc�Js��ݴ&mQ��.�\�^bL��ƹ��a��m��#T��tw�[��f�7�E׃��&ɑʸ�^�>��`��n'��7wM�GJ��X� B3�z�9,�V�d��C�Qƛ��Wx��d��5��}9?� ��h�fO�52Zs�麣oE�9Z$��T��)?s�s�O��O��|�4��}g##o.��O�G� ��.��,m]g� b�hd,�(��ӄGХ$�i�0� �Fᤴ��8��z�;��Y�O��>R��9��g�L�ȯ��ߡ��X��8+UR��e��r�bZ�U1?��na�xQ˃�F�J�ݷ��Pr�p]o}`,�O<'� d�ⴲ�vYu�T ) QM��e�c{�q%Th�b�A|��I=��a��?͚��R����h�[K��P��k�] ��Ģ&�T��>e�3�m�ᦳ��߰~��tak��6+��J۞�֬��x��Y��p�L%(y�a�Pe�h�VE�;:pݕ&�M7"��'�_p�￱zAEE5��f7j[��qw �ww}Q�.n�UA�-G�I��$g��X��=�W��Ƭ�O�1��u��-'U�鷛��J>�YP�E�q��LVLw�NɆ6��^?�M�Qe��V= ~��a(ao]�/�u��|�q�(�]Nk�* B� �X?��9��ɨ��l��+�DR� W��g��þN}o�*��$�)R% ��_P�b�7��M�h��9��%G܃� 4��i#��o�W��a�E>� f�v�N��M�B-�Ă�g��1ᄢ A=�cjJپ04�w#G��)9;=�W��$�� U��0N�s��.8��<�$J��TL��Uj��lQǈݻ��\<Ԁ�1t/'��C��A|�u�m+��&e��k�z7�~��x�e>��?8T!�B�T�}:��EJ%��޾��R��.�>��i�Q��֚��|c�dF:��Z��1{�9t��ƾ��mKZ��F��HY�7�b�=Ǜ�eXCigٹ�5Ar��|cm��A�vJf͚�G5�y��i_v;�<�i*9��\��;��Q��O��&�Q;>��M�a�� L9�~�ݷ�`�ly��(�h�֭�v@�Oro��j҉/��t��KRڑ0��U2|WKW��5��sH�H�0��#�'Ԥw��O;�۟ ��"y=̚M� 2Z�'�f}O�+6��a��d�n��i/��j�2�F�Zӧ��8D�Ķ�fZ� ϐv��U|�L�4�0��#SB�0؇.V$��Ar\|@��}�i�3��P��B��i�v9?r�CU��@��B5Ŷ��ޒ��q�WM�`��YK�<��#��(A�'A�%!K-�7N06wW��MFM77�(�6X�$�Q�f� ��s��-�}��M�zP� �_�3��=��k��{T��^u�h��r םB@��U/L`�5U"�H��fbm��|U�c�7x��)�6_[Ι��i�6M�i!k�T��o��^9��n_Ip�N��|\r�RJǷ!��r�ve�.�3ȕa��&f�E�`k�)��DCgA��Lg�E�J�(�OfJ�}T�=]h��?��3�%,�Jd�Q�+�\��f�Nޔ]?v�b�X+.-�R��]$�-��G�lv�oX*�d��af� %��-�#�YN�@��m�k��B-Ժn��|H��H�|��$d2�gӶW��~��F�� ~8��0i�� (�=��,��M��X��W�n�?��@ޜ�;��P�E�9�)`W$�H�s:f��y*�_�Cl�?��^\�P ^ͮ-U�(�m�P�됢�)M �D�ko�+�<��9��r=�Ca}��s,��Pu�!0��g��de��=��dk��/��D�c^��D�:�N�� ģ�3��Fn��W�/��S4�o}��P�C�=��l�=��K�9��_�PV��ۍ=/�\�(�Z;�� *�w�T��7�`��>q r��/a uiq�>bܵ��g.\S��4��]�ϋ'� �F��OD�0^K�yƨ�jS��d/�hH��l4D�c�\ m��;��K�n� �n��/R��]6q��a�-�J�(�\3~�ߢ9:�'� �h�D(��1�ᬯб.�D>e~ӿ�_��k�Z�)��.��$�g�v��|<�r��{(ܷ~��hJ��\��I��<@�go��ơ5��S��YC��E<��j�W$�щ��BD�f�3��~ʲ��!��۶�e b��e��B#Y��; �D��`��U�V��L��q�V��{��BVK�kc�~J�VЏ�~r\��A��kmqh��K`B��~</4&�s�k��p]��Z�+s,��Z�%`+�&�\�K��cM`� UC��r��,�@�� `�٦e$�rЏl�=}�u9��|Z��Ћ�`ͷ�op��aѐ�o G��Nr��$��*��uw��~k��R��t�\�6&k��턝��S�R�! ��p�}}��^E��/Hl��v5u4�p�{�c� ��ax}W�E�Ѥ*��Ɍbl3��O�X^a�k�$@�� @v�b� ��ȶ��"*1��p�uA�r-:(�)m��ˍ0�=��`�̞��9��F^G�q��#K�<�,�F�#�.d=��6�

Sections

.00cfg
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 881KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 559KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ctors
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 15.0MB - Virtual size: 15.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
bminer-lite-v16.2.8-656aabf/download_OhGodAnETHlargementPill.bat
bminer-lite-v16.2.8-656aabf/download_OhGodAnETHlargementPill.ps1
bminer-lite-v16.2.8-656aabf/mine.bat
bminer-lite-v16.2.8-656aabf/mine_ae.bat
bminer-lite-v16.2.8-656aabf/mine_beam.bat
bminer-lite-v16.2.8-656aabf/mine_bfc.bat
bminer-lite-v16.2.8-656aabf/mine_btm.bat
bminer-lite-v16.2.8-656aabf/mine_equihash1445.bat
bminer-lite-v16.2.8-656aabf/mine_eth.bat
bminer-lite-v16.2.8-656aabf/mine_eth_btm.bat
bminer-lite-v16.2.8-656aabf/mine_eth_hns.bat
bminer-lite-v16.2.8-656aabf/mine_grin29.bat
bminer-lite-v16.2.8-656aabf/mine_grin31.bat
bminer-lite-v16.2.8-656aabf/mine_grin32.bat
bminer-lite-v16.2.8-656aabf/mine_qitmeer.bat
bminer-lite-v16.2.8-656aabf/mine_raven.bat
bminer-lite-v16.2.8-656aabf/mine_sero.bat
bminer-lite-v16.2.8-656aabf/mine_zhash.bat

Sharing

General

Malware Config

Signatures

Files

41fd46add62beff2346b046c0f9668e9

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

ntdll

mswsock

cfgmgr32

bcrypt

advapi32

vcruntime140

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

wtsapi32

user32

Exports

Exports

Sections

.00cfg Size: - Virtual size: 16B

.rdata Size: - Virtual size: 881KB

.bss Size: - Virtual size: 559KB

.ctors Size: - Virtual size: 8B

.data Size: - Virtual size: 7.4MB

.gfids Size: - Virtual size: 3KB

.pdata Size: - Virtual size: 149KB

.text Size: - Virtual size: 9.4MB

.tls Size: - Virtual size: 25B

.xdata Size: - Virtual size: 340KB

.idata Size: - Virtual size: 12KB

.edata Size: - Virtual size: 88B

.vmp0 Size: - Virtual size: 3.2MB

.vmp1 Size: 15.0MB - Virtual size: 15.0MB

.00cfg
Size: - Virtual size: 16B

.rdata
Size: - Virtual size: 881KB

.bss
Size: - Virtual size: 559KB

.ctors
Size: - Virtual size: 8B

.data
Size: - Virtual size: 7.4MB

.gfids
Size: - Virtual size: 3KB

.pdata
Size: - Virtual size: 149KB

.text
Size: - Virtual size: 9.4MB

.tls
Size: - Virtual size: 25B

.xdata
Size: - Virtual size: 340KB

.idata
Size: - Virtual size: 12KB

.edata
Size: - Virtual size: 88B

.vmp0
Size: - Virtual size: 3.2MB

.vmp1
Size: 15.0MB - Virtual size: 15.0MB