4d40397cf5318e114028a94a4a8a0385

Sharing

Copy URL Twitter E-mail

General

Target

4d40397cf5318e114028a94a4a8a0385
Size

6.4MB
MD5

4d40397cf5318e114028a94a4a8a0385
SHA1

4e1a9493aff559e2ee119b3ebcd910f9bc9d0609
SHA256

4ac7c8501e4af32a533edf3fc67b3ac0bfd8c51633a50489f1e0e7b45290a430
SHA512

df9b9d98200f7e216f947ba09847b58a4a7b09587e31e2218652494f9b258256329e0e351220dd77d2cf9e9319d7719a777a722d19acf770668068b766883c81
SSDEEP

196608:K9pIHhyl8PvEYaqgtzfUUuidfJfUlOP/jZO:KQHEpfUUuKB3P/jA

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/m-cpuminer-qt-32-win/m-cpuminer-qt.exe
unpack001/m-cpuminer-qt-32-win/miner/m-minerd.exe

Files

4d40397cf5318e114028a94a4a8a0385
.zip
m-cpuminer-qt-32-win/m-cpuminer-qt.exe
.exe windows:4 windows x86 arch:x86

61acd477f9b393781c383c150b0c649c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CopySid
FreeSid
GetLengthSid
GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW

crypt32

CertCreateCertificateContext
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain

gdi32

AddFontMemResourceEx
AddFontResourceExW
BitBlt
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateFontIndirectW
CreateRectRgn
DeleteDC
DeleteObject
EnumFontFamiliesExW
ExtTextOutW
GdiFlush
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetDIBits
GetDeviceCaps
GetFontData
GetGlyphOutlineW
GetObjectW
GetOutlineTextMetricsW
GetRegionData
GetStockObject
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
OffsetRgn
RemoveFontMemResourceEx
RemoveFontResourceExW
SelectClipRgn
SelectObject
SetBkMode
SetGraphicsMode
SetTextAlign
SetTextColor
SetWorldTransform

imm32

ImmGetCompositionStringW
ImmGetContext
ImmGetDefaultIMEWnd
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow

kernel32

AddVectoredExceptionHandler
CancelIo
CheckRemoteDebuggerPresent
CloseHandle
CompareStringW
ConnectNamedPipe
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateThread
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileExW
FindFirstFileW
FindNextChangeNotification
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetConsoleWindow
GetCurrencyFormatW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileType
GetFullPathNameW
GetGeoInfoW
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatus
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetUserGeoID
GetVersionExW
GetVolumeInformationW
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLanguageGroup
IsValidLocale
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenProcess
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetCriticalSectionSpinCount
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetFilePointerEx
SetHandleInformation
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
SwitchToThread
SystemTimeToTzSpecificLocalTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
lstrcmpW

msvcrt

__dllonexit
__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_clearfp
_close
_control87
_endthreadex
_environ
_errno
_exit
_filelengthi64
_fileno
_fmode
_get_osfhandle
_getdrive
_initterm
_iob
_lock
_lseeki64
_onexit
_open_osfhandle
_putenv
_read
_setjmp3
_snwprintf
_strdup
_timezone
_tzset
_ultoa
_unlock
_tzname
_vsnprintf
_vsnwprintf
_waccess
_wchmod
_wgetdcwd
_write
_write
acos
abort
asin
atan
atof
atoi
calloc
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
frexp
fsetpos
fwprintf
fwrite
getc
getenv
gmtime
isalpha
islower
isspace
isupper
localeconv
localtime
isxdigit
log10
longjmp
malloc
memchr
memcmp
memmove
memset
mktime
memcpy
printf
puts
raise
rand
realloc
remove
setlocale
signal
sprintf
srand
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtoul
strtol
tan
tolower
toupper
ungetc
vfprintf
wcschr
wcscmp
wcscpy
wcslen
wcsrchr

ole32

CoCreateGuid
CoCreateInstance
CoGetMalloc
CoInitialize
CoLockObjectExternal
CoTaskMemFree
CoUninitialize
DoDragDrop
OleFlushClipboard
OleGetClipboard
OleInitialize
OleIsCurrentClipboard
OleSetClipboard
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop

oleaut32

SysAllocStringLen
VariantInit

shell32

SHBrowseForFolderW
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListW
ShellExecuteW
Shell_NotifyIconW

user32

AdjustWindowRectEx
BeginPaint
CallNextHookEx
ChangeClipboardChain
CharNextExA
ChildWindowFromPointEx
ClientToScreen
CreateCaret
CreateCursor
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DestroyCaret
DestroyCursor
DestroyIcon
DestroyWindow
DispatchMessageW
DrawIconEx
EnableMenuItem
EndPaint
EnumDisplayMonitors
EnumWindows
FindWindowExW
FindWindowW
FlashWindowEx
GetActiveWindow
GetAncestor
GetAsyncKeyState
GetCapture
GetCaretBlinkTime
GetClassInfoW
GetClientRect
GetClipboardFormatNameW
GetCursorPos
GetDC
GetDesktopWindow
GetDoubleClickTime
GetFocus
GetIconInfo
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetMenu
GetMessageExtraInfo
GetMonitorInfoW
GetParent
GetQueueStatus
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetUpdateRect
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InvalidateRect
IsChild
IsIconic
IsWindowVisible
IsZoomed
KillTimer
LoadIconW
LoadImageW
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
MoveWindow
MsgWaitForMultipleObjectsEx
NotifyWinEvent
PeekMessageW
PostMessageW
PostThreadMessageW
RealGetWindowClassW
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageW
SetCapture
SetCaretPos
SetClipboardViewer
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenuItemInfoW
SetParent
SetTimer
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowWindow
SystemParametersInfoW
ToAscii
ToUnicode
TrackMouseEvent
TrackPopupMenuEx
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW

winmm

PlaySoundW

ws2_32

WSAAccept
WSAAsyncSelect
WSACleanup
WSAConnect
WSAGetLastError
WSAHtonl
WSAHtons
WSAIoctl
WSANtohl
WSANtohs
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASocketW
WSAStartup
__WSAFDIsSet
bind
closesocket
gethostbyaddr
gethostbyname
gethostname
getpeername
getsockname
getsockopt
htonl
inet_addr
listen
ntohl
select
setsockopt

Sections

.text
Size: 9.3MB - Virtual size: 9.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
m-cpuminer-qt-32-win/m-cpuminer.conf
m-cpuminer-qt-32-win/miner/m-minerd.exe
.exe windows:4 windows x86 arch:x86

0d5c2ed83bf2fa5c4ab486907112df42

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext

kernel32

CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsA
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileType
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
PeekNamedPipe
QueryPerformanceCounter
ReadFile
ReleaseSemaphore
ResetEvent
ResumeThread
SetCriticalSectionSpinCount
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepEx
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoA
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject

msvcrt

__argv
__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_exit
_fmode
_fstati64
_ftime
_initterm
_iob
_lock
_lseeki64
_onexit
_setjmp3
_snwprintf
_stati64
_vsnprintf
time
localtime
gmtime
calloc
exit
fclose
feof
fflush
fgetc
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fwprintf
fwrite
getenv
isalnum
isalpha
isgraph
islower
isprint
isspace
isupper
isxdigit
localeconv
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
printf
puts
qsort
raise
realloc
setlocale
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strstr
strtok
strtol
strtoul
_stricmp
_strnicmp
_sys_nerr
_unlock
abort
atoi
tolower
vfprintf
wcscpy
wcstombs
longjmp
_write
_strdup
_read
_open
_close

user32

MessageBoxW

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htons
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Sections

.text
Size: 741KB - Virtual size: 740KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
m-cpuminer-qt-32-win/readme.txt

Sharing

General

Malware Config

Signatures

Files

61acd477f9b393781c383c150b0c649c

Headers

File Characteristics

Imports

advapi32

crypt32

gdi32

imm32

kernel32

msvcrt

ole32

oleaut32

shell32

user32

winmm

ws2_32

Sections

.text Size: 9.3MB - Virtual size: 9.3MB

.data Size: 35KB - Virtual size: 34KB

.rdata Size: 2.6MB - Virtual size: 2.6MB

.eh_fram Size: 1.8MB - Virtual size: 1.8MB

.bss Size: - Virtual size: 28KB

.idata Size: 15KB - Virtual size: 14KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 1024B - Virtual size: 664B

0d5c2ed83bf2fa5c4ab486907112df42

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ws2_32

Sections

.text Size: 741KB - Virtual size: 740KB

.data Size: 2KB - Virtual size: 1KB

.rdata Size: 118KB - Virtual size: 118KB

.bss Size: - Virtual size: 5KB

.idata Size: 5KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 32B

.text
Size: 9.3MB - Virtual size: 9.3MB

.data
Size: 35KB - Virtual size: 34KB

.rdata
Size: 2.6MB - Virtual size: 2.6MB

.eh_fram
Size: 1.8MB - Virtual size: 1.8MB

.bss
Size: - Virtual size: 28KB

.idata
Size: 15KB - Virtual size: 14KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 664B

.text
Size: 741KB - Virtual size: 740KB

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 118KB - Virtual size: 118KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 32B