dfc965a8c71088f478369de837b18510N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

dfc965a8c71088f478369de837b18510N.exe
Size

431KB
MD5

dfc965a8c71088f478369de837b18510
SHA1

a924186025356fa6fed4ef5613eb961a5b0a116f
SHA256

90057794108e009b7824299108b9ed49bb6cc49a636fe2ebbd7d71eebf7b04c6
SHA512

0513b4a8c22e867600a3fb3baf2511618db1b2c48115f17c1de0092f88faa228fa454d709507b54abcc550205879800444a076fbc39b9a8887035717cadf16b5
SSDEEP

3072:yuYYYYvmnYefY1YY5YITAYwsYkYYYYYVt05nZYYYYYKYTYYaYR7AYl30QSkY4ZYm:yKo6UNdEiTSE5FQIFLOJJbT25

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfc965a8c71088f478369de837b18510N.exe

Files

dfc965a8c71088f478369de837b18510N.exe
.dll windows:5 windows x86 arch:x86

1db9b0f68c8c3258464bc41419d46cf2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\OUT\Release\PDB\miner.pdb

Imports

usft_ext

ord2029
ord1995
ord1975
ord1943
ord2015
ord1980
ord1970
ord1209
ord1971
ord1967
ord1958
ord1966
ord432
??0String@Ext@@QAE@ABV?$basic_string@DU?$char_traits@D@ExtSTL@@V?$allocator@D@2@@ExtSTL@@@Z
ord507
ord1047
ord95
ord127
ord257
ord145
ord177
ord183
ord1630
ord236
ord996
ord1414
ord1540
ord1165
ord949
ord325
ord555
ord567
?Insert@CBinaryTree@Ext@@IAE?AU?$pair@Viterator@CBinaryTree@Ext@@_N@ExtSTL@@PBX@Z
ord2025
ord1948
ord1963
ord1968
ord549
ord232
ord142
ord347
ord413
ord269
ord569
ord20
ord68
ord35
ord1456
ord1382
ord31
ord1455
ord1384
ord1383
ord224
ord227
ord767
ord1380
ord1391
ord131
ord50
ord24
ord1022
ord265
ord28
ord27
ord26
ord1255
ord1343
ord1135
ord380
ord1251
ord1330
ord562
ord2008
ord2013
ord2023
ord573
ord1824
ord973
ord300
ord277
?Split@String@Ext@@QBE?AV?$vector@VString@Ext@@V?$allocator@VString@Ext@@@ExtSTL@@@ExtSTL@@ABV12@I@Z
ord421
ord111
ord1658
ord242
ord67
ord1828
ord1063
ord147
?GetPortNames@SerialPort@Ext@@SG?AV?$vector@VString@Ext@@V?$allocator@VString@Ext@@@ExtSTL@@@ExtSTL@@XZ
ord2034
ord1551
ord1443
ord1489
ord558
ord552
ord1517
ord1405
ord1404
ord1561
ord981
ord1560
ord1406
ord1506
ord1508
ord1659
ord385
??6Ext@@YGAAV?$basic_ostream@DU?$char_traits@D@ExtSTL@@@ExtSTL@@AAV12@ABUConstBuf@0@@Z
ord999
?Join@String@Ext@@SG?AV12@ABV12@ABV?$vector@VString@Ext@@V?$allocator@VString@Ext@@@ExtSTL@@@ExtSTL@@@Z
ord1417
ord1159
ord1457
ord327
ord1223
ord674
ord203
ord1490
ord420
ord542
ord1459
ord160
ord276
ord194
ord1151
ord528
ord74
ord17
ord171
ord201
ord579
ord254
ord1319
ord700
ord772
ord204
ord1423
ord1631
ord846
ord1488
ord92
ord121
ord519
ord1509
ord1522
ord423
ord1361
ord950
ord1512
ord1520
ord1174
ord1549
ord129
ord253
ord43
ord44
ord1964
ord977
ord3055
ord3070
ord3003
ord49
ord69
ord418
ord156
ord1385
ord267
ord170
ord1712
ord1719
ord1709
ord1728
ord1727
ord1716
ord1707
ord1713
ord199
ord319
ord1036
ord195
ord159
ord1951
ord1952
ord3027
ord3026
ord3036
ord1397
ord1048
?PInsert@CHash@Ext@@IAE?AU?$pair@VCBaseIterator@CList@Ext@@_N@ExtSTL@@PBXP6GXPAX0@Z_N@Z
ord279
ord151
ord1130
ord2002
ord2001
ord2010
ord1552
ord600
ord3065
ord235
ord843
ord673
ord1543
ord343
ord72
ord640
__CxxFrameHandler3
ord1418
ord841
ord339
ord1129
ord47
ord15
ord312
ord10
ord332
ord101
ord1131
ord98
ord1312
ord527
ord100
ord1594
ord1536
ord263
ord539
ord326
ord779
ord97
ord1507
ord1505
ord1502
ord1504
ord1501
ord1500
ord1503
ord264
ord116
ord473
ord561
ord416
My_except_handler3
My_except_handler4
My_SEH_prolog
My_SEH_epilog
My_SEH_prolog4
My_SEH_epilog4
My_EH_prolog2
My__ehvec_copy_ctor
_My__CxxSetUnhandledExceptionFilter@0
_My_CxxThrowException@8
ord1607
ord706
ord214
ord717
ord697
ord337
ord477
ord708
ord716
ord721
ord410
ord705
ord773
ord712
ord175
ord60
ord1991
ord96
ord222

msvcrt

malloc
memset
sprintf
memcpy
fclose
_fileno
fopen
setvbuf
strtod
_read
_write
_get_osfhandle
atoi
_isatty
_EH_prolog
??1type_info@@UAE@XZ
__dllonexit
_onexit
__lconv_init
?terminate@@YAXXZ
_adjust_fdiv
_purecall
_initterm
free

oleaut32

VariantClear
VariantInit

ws2_32

ntohl
ntohs
htons

coinutil

ord15
ord1
ord2
ord4
?Hash@Coin@@YA?AVHashValue@1@ABUConstBuf@Ext@@@Z
?CalcSha256Midstate@Coin@@YA?AVBlob@Ext@@ABUConstBuf@3@@Z
ord13
ord5
?WriteHeader@BlockBase@Coin@@UBEXAAVBinaryWriter@Ext@@@Z
?FormatHashBlocks@Coin@@YAXPAXI@Z
ord16
ord17
?Swab32@Coin@@YA?AVBlob@Ext@@ABUConstBuf@3@@Z

kernel32

LoadLibraryExA
InterlockedExchange
GetLastError
RaiseException
SetCommTimeouts
GetModuleHandleW
SetEvent
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
FreeLibrary

Exports

Exports

??0BitcoinMiner@Coin@@QAE@XZ
??0BitcoinSha256@Coin@@QAE@ABV01@@Z
??0BitcoinSha256@Coin@@QAE@XZ
??1BitcoinMiner@Coin@@UAE@XZ
??1BitcoinSha256@Coin@@UAE@XZ
??4BitcoinSha256@Coin@@QAEAAV01@ABV01@@Z
??_7BitcoinMiner@Coin@@6B@
??_7BitcoinSha256@Coin@@6B@
?CalcHash@BitcoinMiner@Coin@@QAE?AVBlob@Ext@@ABVBitcoinWorkData@2@@Z
?CallNotifyRequest@BitcoinMiner@Coin@@QAEXAAVWorkerThreadBase@2@ABVString@Ext@@1@Z
?CheckLongPolling@BitcoinMiner@Coin@@QAEXAAVWebClient@Ext@@ABVString@4@1@Z
?CreateObject@BitcoinSha256@Coin@@SA?AV?$ptr@VBitcoinSha256@Coin@@VNonInterlocked@Ext@@@Ext@@XZ
?CreateStratumClient@BitcoinMiner@Coin@@QAEXABVString@Ext@@@Z
?FindNonce@BitcoinSha256@Coin@@UAE_NAAI@Z
?FullCalc@BitcoinSha256@Coin@@QAE?AVBlob@Ext@@XZ
?GetCalIlCode@BitcoinMiner@Coin@@UAE?AVString@Ext@@_N@Z
?GetCudaCode@BitcoinMiner@Coin@@UAE?AVString@Ext@@XZ
?GetCurrentUrl@BitcoinMiner@Coin@@AAE?AVString@Ext@@XZ
?GetMethodName@BitcoinMiner@Coin@@QAE?AVString@Ext@@_N@Z
?GetOpenclCode@BitcoinMiner@Coin@@UAE?AVString@Ext@@XZ
?GetTestData@BitcoinMiner@Coin@@QAE?AVBitcoinWorkData@2@XZ
?GetWebClient@BitcoinMiner@Coin@@UAE?AVBitcoinWebClient@2@PAVWorkerThreadBase@2@@Z
?GetWork@BitcoinMiner@Coin@@UAE?AVBitcoinWorkData@2@AAPAVWebClient@Ext@@@Z
?GetWorkForThread@BitcoinMiner@Coin@@QAE?AVBitcoinWorkData@2@AAVWorkerThreadBase@2@I_N@Z
?GetWorkFromMinerBlock@BitcoinMiner@Coin@@QAE?AVBitcoinWorkData@2@ABVDateTime@Ext@@@Z
?InitDevices@BitcoinMiner@Coin@@QAEXXZ
?OnRoundComplete@BitcoinMiner@Coin@@UAEXXZ
?PrepareData@BitcoinSha256@Coin@@UAEXPBX00@Z
?Print@BitcoinMiner@Coin@@QAEXABVBitcoinWorkData@2@_NABVString@Ext@@@Z
?SetIntensity@BitcoinMiner@Coin@@QAEXH@Z
?SetNewData@BitcoinMiner@Coin@@QAEXABVBitcoinWorkData@2@_N@Z
?SetWebInfo@BitcoinMiner@Coin@@QAEXAAVWebClient@Ext@@@Z
?Start@BitcoinMiner@Coin@@QAEXPAVCThreadRef@Ext@@@Z
?Stop@BitcoinMiner@Coin@@QAEXXZ
?SubmitResult@BitcoinMiner@Coin@@UAE_NAAPAVWebClient@Ext@@ABVBitcoinWorkData@2@@Z
?TestAndSubmit@BitcoinMiner@Coin@@QAE_NAAVWorkerThreadBase@2@AAVBitcoinWorkData@2@I@Z
?UseSse2@BitcoinMiner@Coin@@QAE_NXZ

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1db9b0f68c8c3258464bc41419d46cf2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

usft_ext

msvcrt

oleaut32

ws2_32

coinutil

kernel32

Exports

Exports

Sections

.text Size: 242KB - Virtual size: 241KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 17KB - Virtual size: 17KB

.text Size: 108KB - Virtual size: 112KB

.text
Size: 242KB - Virtual size: 241KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 17KB - Virtual size: 17KB

.text
Size: 108KB - Virtual size: 112KB