Trojan.Coinminer

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	1,746
Threat Level:	80 % (High)
Infected Computers:	126,850

First Seen:	February 16, 2018
Last Seen:	December 24, 2025
OS(es) Affected:	Windows

Table of Contents

SpyHunter Detects & Remove Trojan.Coinminer

File System Details

Trojan.Coinminer may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	is-TV19V.tmp	1bf48abe5f3f1f61a4bf7ebd5adaa75b	1,793
Name: is-TV19V.tmp MD5: 1bf48abe5f3f1f61a4bf7ebd5adaa75b Size: 3.56 MB (3565568 bytes) Detections: 1,793 Type: Temporary File Path: \??\C:\Windows\system32\is-TV19V.tmp Group: Malware file Last Updated: February 15, 2023
2.	conime.exe	c50bb65871b46075aeb0d035671ffbbf	880
Name: conime.exe MD5: c50bb65871b46075aeb0d035671ffbbf Size: 894.46 KB (894464 bytes) Detections: 880 Type: Executable File Path: %COMMONPROGRAMFILES%\conime.exe Group: Malware file Last Updated: July 24, 2023
3.	juched.exe	443cfef1b32029f6461c6f1078930714	365
Name: juched.exe MD5: 443cfef1b32029f6461c6f1078930714 Size: 3.33 MB (3336088 bytes) Detections: 365 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juched.exe Group: Malware file Last Updated: October 16, 2022
4.	kbdusa.exe	71bde539d6d95347337ccd34ac60f335	172
Name: kbdusa.exe MD5: 71bde539d6d95347337ccd34ac60f335 Size: 1.24 MB (1246896 bytes) Detections: 172 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\wow64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_6.1.7600.16385_none_d1346e9948c064db\kbdusa.exe Group: Malware file Last Updated: June 26, 2020
5.	dplayx.exe	c4edddcafdded4042549ebeedc87281d	63
Name: dplayx.exe MD5: c4edddcafdded4042549ebeedc87281d Size: 873.62 KB (873624 bytes) Detections: 63 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\amd64_microsoft-windows-netplwiz_31bf3856ad364e35_6.1.7601.17514_none_a97f640bcc255ec8\dplayx.exe Group: Malware file Last Updated: June 26, 2020
6.	rpcnsh.exe	54eb5b4813124a80eadc49c0e1f6e874	62
Name: rpcnsh.exe MD5: 54eb5b4813124a80eadc49c0e1f6e874 Size: 864.25 KB (864256 bytes) Detections: 62 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\amd64_microsoft-windows-font-truetype-consolas_31bf3856ad364e35_6.1.7600.16385_none_c5e444bbbf030bfa\rpcnsh.exe Group: Malware file Last Updated: June 26, 2020
7.	msvc.exe	0447d246d87a2498f24d9b1910099aa8	61
Name: msvc.exe MD5: 0447d246d87a2498f24d9b1910099aa8 Size: 2.9 MB (2902528 bytes) Detections: 61 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\microsoft visual studio c++\msvc.exe Group: Malware file Last Updated: June 26, 2020
8.	conhost.exe	7b994eaf4457a89935deb269d5c25a94	45
Name: conhost.exe MD5: 7b994eaf4457a89935deb269d5c25a94 Size: 704 KB (704000 bytes) Detections: 45 Type: Executable File Path: %ALLUSERSPROFILE%\performance tool\conhost.exe Group: Malware file Last Updated: July 17, 2022
9.	winlogui.exe	034faf2273577d9f9bbbbf5fe568fd51	16
Name: winlogui.exe MD5: 034faf2273577d9f9bbbbf5fe568fd51 Size: 1.8 MB (1803776 bytes) Detections: 16 Type: Executable File Path: %WINDIR%\system32 Group: Malware file Last Updated: November 23, 2019
10.	FIHF.exe	f9e52bad1d1c89ceb5fcf89a9b6dc38e	10
Name: FIHF.exe MD5: f9e52bad1d1c89ceb5fcf89a9b6dc38e Size: 265.21 KB (265216 bytes) Detections: 10 Type: Executable File Path: C:\Users\<username>\{KIQAOJCZ-ETDJ-XUNV-R594-L7V61M1X9WFO} Group: Malware file Last Updated: November 4, 2018
11.	ctfmon.exe	6e9dfc6d15a5c3bee4a08db1b441aba7	6
Name: ctfmon.exe MD5: 6e9dfc6d15a5c3bee4a08db1b441aba7 Size: 3.49 MB (3498229 bytes) Detections: 6 Type: Executable File Path: %COMMONPROGRAMFILES%\microsoft shared\ink\ja-jp\ctfmon.exe Group: Malware file Last Updated: June 26, 2020
12.	appextb.exe	010f027e58ba31a56035a4efd1338839	6
Name: appextb.exe MD5: 010f027e58ba31a56035a4efd1338839 Size: 3.49 MB (3498229 bytes) Detections: 6 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\microsoft\windows\printer shortcuts\appextb.exe Group: Malware file Last Updated: June 26, 2020
13.	d3dcompiler_41.exe	4651788d85634163b50c28e65ed7a3cd	6
Name: d3dcompiler_41.exe MD5: 4651788d85634163b50c28e65ed7a3cd Size: 2.37 MB (2378240 bytes) Detections: 6 Type: Executable File Path: c:\Users\<username>\appdata\roaming\amd64_microsoft-windows-mccs-syncres.resources Group: Malware file Last Updated: January 24, 2019
14.	igfxpers.exe	ea5e45ae2b6ca1d396105cec2649c1b3	5
Name: igfxpers.exe MD5: ea5e45ae2b6ca1d396105cec2649c1b3 Size: 3.49 MB (3498229 bytes) Detections: 5 Type: Executable File Path: %COMMONPROGRAMFILES%\microsoft shared\ink\et-ee\igfxpers.exe Group: Malware file Last Updated: June 26, 2020

Registry Details

Trojan.Coinminer may create the following registry entry or registry entries:

File name without path

jce_cn_cpu_miner64.exe

Windows Vision Driver Foundation Update Check (WDF).exe

Regexp file mask

%ALLUSERSPROFILE%\AdobeAAM\NetFramework.exe

%ALLUSERSPROFILE%\dllhosts.exe

%ALLUSERSPROFILE%\Microsoft\Windows\Caches\svchost.exe

%ALLUSERSPROFILE%\opencl.exe

%ALLUSERSPROFILE%\performance tool\conhost.exe

%ALLUSERSPROFILE%\RealtekHD\taskhostw.exe

%APPDATA%\dssec\dssec.exe

%APPDATA%\GoogleChrome[RANDOM CHARACTERS].exe

%APPDATA%\intpooo.exe

%APPDATA%\Macromedia\svchost.exe

%APPDATA%\Microsoft Visual Studio C++\msvc.exe

%APPDATA%\System\svgost.exe

%COMMONPROGRAMFILES%\conime.exe

%COMMONPROGRAMFILES(x86)%\conime.exe

%HOMEDRIVE%\cex6.exe

%HOMEDRIVE%\Performs\taskhost.exe

%programfiles%\fifa 20\fifa20.exe

%PROGRAMFILES%\svchost.exe

%programfiles(x86)%\fifa 20\fifa20.exe

%PROGRAMFILES(x86)%\svchost.exe

%USERPROFILE%\Documents\mlog.exe

%WINDIR%\debug\winlogonr.exe

%WINDIR%\fonts\sqlservr.exe

%WINDIR%\System32\winlogui.exe

%WINDIR%\TEMP\mess1.exe

Directories

Trojan.Coinminer may create the following directory or directories:

%ALLUSERSPROFILE%\Application Data\adwxcssgvy

%ALLUSERSPROFILE%\Application Data\clr_optimization_v4.0.30328_64

%ALLUSERSPROFILE%\Application Data\clr_optimization_v4.0.33018_64

%ALLUSERSPROFILE%\Logss

%ALLUSERSPROFILE%\SteganosNotifierServiceWenter

%ALLUSERSPROFILE%\adwxcssgvy

%ALLUSERSPROFILE%\clr_optimization_v4.0.30328_64

%ALLUSERSPROFILE%\clr_optimization_v4.0.33018_64

%APPDATA%\ExplorerInternets

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\7ZipArchiver

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\IntelCorporalion

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\Macro

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\Microsoft

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\Orion

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\SmartServiceScreenWenter

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\WmiPrvSE

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\adobe

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\adobee

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\gtopapkamaixz

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\kingusuanlaola

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\kingusunlaola

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\kingusunlola

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\minecrofnm

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\minepapkamxsz

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\netrosh

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\randpapkamainof

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\randwpapkamain

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\rneadwpapkamain

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\rneadwpapkaxzai

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\rqnadpapkamain

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\rqnadpapkamaixz

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\stegnmxsdbe

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\steuagnagtmsndbe

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\steuagntmsndbe

%APPDATA%\Microsoft\SystemCertificates\My\CTLs\stolpapkaxzmasi

%APPDATA%\honey miner

%HOMEDRIVE%\$RECYCLE.BIN.EXE

%HOMEDRIVE%\$RECYCLE.EXE.JPG

%HOMEDRIVE%\kernels

%LOCALAPPDATA%\AwesomeMiner

%LOCALAPPDATA%\svc10.17134

%PROGRAMFILES%\awesome miner

%PROGRAMFILES(x86)%\awesome miner

%TEMP%\tratata

%appdata%\Idle

Analysis Report

General information

Family Name:	Trojan.Coinminer
Signature status:	No Signature

Known Samples

MD5: 8b349747ef5215e4b15abe50859d2416

SHA1: bebbee4f1512c8daefc01e8dd91dbc19d3ffb4ea

File Size: 4.20 MB, 4196864 bytes

MD5: 3ef27ad24031fa1bcb514da582829026

SHA1: b3f3c86d39e32e9b1e368092b61cf7eac6604d55

SHA256: 26F0613EEF3294F117E2F2DB0B9A82B7294126C282208999FFBBB7F8E195E187

File Size: 9.25 MB, 9252864 bytes

MD5: 33412ba25cc086bf566237a378c6e6e3

SHA1: e4d3f661063801bb9191f45b782fee8ab50955dc

SHA256: E4CA4556CAFB7BE3C705F5586ECFC99E1467667A738FD59D156E6EB8D1574713

File Size: 8.05 MB, 8052736 bytes

MD5: 74539ed33537e79efd3e5ae3bc5468ff

SHA1: 0b0b234c191d9f63d6fd19b7db15aef61df5fa4a

SHA256: 8AC67F4C28DB5E0A4FD11AD7612D13B3439FF3D63FD895DFED7EF443752A0421

File Size: 9.31 MB, 9309696 bytes

MD5: 9dbe8109b2ee6e24e00100707b8b34d4

SHA1: 0890344d85cb3cb053b2ea21b5f4326a2bf4caa7

SHA256: C8C174502E92D361132F2FCFD2072D7791799C24477FF95790D2F5D73BED0286

File Size: 1.88 MB, 1877504 bytes

MD5: 6fc4d4a66646e8a3ca1a66a721979a85

SHA1: 099055f1e08cf8b537ae8c0e621a6bb0ab559735

SHA256: 90176C56D1294FEE8620FD62208C4DB8567A54CD09789F07EA5E51E157D1CA4A

File Size: 2.82 MB, 2824704 bytes

MD5: fbc993cdae076902905f35921e1ed5e3

SHA1: dab3ef7a9caf0fc7674e9486efb75fe7de59194e

SHA256: ABB8A72C8A5F0A16C0C8688DB68714219212A440BF208AD8B7323528648516E9

File Size: 649.22 KB, 649216 bytes

MD5: 559b4cfb906fec35471e9718bb63aaed

SHA1: e94501961461af98463b1f6920b4b0052c0a4975

SHA256: E64205045110A2FD06F5E5D7D96D63ED8578C2A243E5C3949933172BBEAA2072

File Size: 8.19 KB, 8192 bytes

MD5: 65afa3b4cfed6dfcbc7b8e5ff7eb63eb

SHA1: bb9db41577e63ce3e41feb85f850d3cae4955bb1

SHA256: 10A4557263DE146664C42D1319591E8A909CFF20E9849F9BDE99E5B12F2DF23F

File Size: 10.24 KB, 10240 bytes

MD5: b16e799c54bc726753f72302df6f035e

SHA1: 3779612a7bd0cbbdd0721991b9e78ee9d19d3b41

SHA256: 547C1D0A5217C5CB8104EE90D51F75894C199BA7B0C4807426675FB7983E2406

File Size: 752.13 KB, 752128 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have resources
File doesn't have security information
File has exports table
File has TLS information
File is .NET application
File is 32-bit executable
File is 64-bit executable

File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	1.0.0.0 0.0.0.0
Comments	Background service update and maintenance utility
Company Name	Microsoft Corporation Realtek Semiconductor Show_Clients_on_Map System Utilities Corporation WebMoney
File Description	Realtek HD Audio Universal Service Service Updater Component Show_Clients_on_Map WebMoney M Windows Shell Experience Host
File Version	10.0.22621.3527 (WinBuild.160101.0800) 3.10.2.0 1.1.664.1 1.0.2.0 1.0.0.0 0.0.0.0
Internal Name	AmplifyImpostors.dll RtkAudUService.exe ServiceUpdater ShellExperienceHost Show_Clients_on_Map.dll
Legal Copyright	2024 (c) Realtek Semiconductor. All rights reserved. Copyright (C) 2024 web.money Copyright (C) 2025 System Utilities Corporation. All rights reserved. © Microsoft Corporation. All rights reserved.
Original Filename	AmplifyImpostors.dll RtkAudUService.exe ServiceUpdater.exe ShellExperienceHost.exe Show_Clients_on_Map.dll wmm.exe
Product Name	Microsoft® Windows® Operating System Realtek HD Audio Universal Service Show_Clients_on_Map System Service Manager wmm
Product Version	10.0.22621.3527 3.10.2.0 1.1.664.1 1.0.2.0 1.0.0 0.0.0.0

File Traits

.NET
.vmp0
2+ executable sections
dll
fptable
GetConsoleWindow
HighEntropy
No Version Info
ntdll
VirtualQueryEx

vmp section variant
x64
x86

Block Information

Total Blocks:	1,836
Potentially Malicious Blocks:	136
Whitelisted Blocks:	1,049
Unknown Blocks:	651

Visual Map

? 0 ? ? ? ? ? 0 ? 0 0 0 ? ? 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 1 1 0 ? 0 0 0 0 ? 0 0 0 ? ? ? ? 0 ? ? 0 ? 0 0 0 ? ? ? 0 0 ? ? 0 0 0 0 0 0 ? 0 0 ? ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 ? 0 0 0 0 ? 0 ? 0 0 x ? ? ? ? ? 0 ? 0 ? 0 ? 0 ? 0 0 ? ? 0 0 0 x 0 x 0 0 0 0 0 0 0 0 ? 0 0 0 x 0 0 0 0 x 0 0 0 ? ? ? 0 0 0 ? ? ? ? ? 0 ? 0 ? ? 0 0 x x x 0 ? 0 x 0 x 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 x 0 0 0 ? ? 0 0 0 0 0 0 x x 0 ? ? 0 ? x ? ? ? ? 0 ? ? x ? x 0 x x x x x x x x 0 x x x x x x x ? ? ? ? x x x ? x x x ? x 0 0 ? ? 0 x ? ? ? x x x ? ? ? x x ? ? 0 x ? 0 x x 0 x 0 x ? x ? ? ? 0 ? 0 0 0 0 0 0 0 0 x ? ? 0 0 ? 0 ? 0 ? ? 0 ? 0 0 0 ? ? 0 ? 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 x x 0 x ? 0 x ? 0 0 0 ? ? ? 0 0 ? x x 0 x x 0 ? 0 0 0 ? 0 0 ? ? ? ? ? ? ? 0 0 ? ? 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 ? 0 ? ? ? x 0 ? ? 0 0 x 0 0 0 0 x x x 0 0 0 0 0 x x 0 0 x x 0 ? x ? ? x ? x x x ? ? 0 ? 0 0 0 x x x x x x ? ? x 0 0 0 0 ? x 0 0 ? 0 0 0 ? 0 0 ? ? ? 0 0 ? ? ? 0 ? ? ? 0 ? ? ? 0 0 0 0 0 0 0 0 ? 0 0 0 ? x ? ? 0 0 x 0 ? ? 0 0 ? x ? 0 ? 0 ? ? 0 ? ? x ? x 0 x ? x ? 0 ? ? ? 0 0 0 0 ? ? x ? ? ? ? x x ? 0 ? 0 0 ? ? 0 ? 0 0 x 0 0 ? ? 0 ? ? x 0 0 ? 0 0 ? x ? 0 x ? 0 ? 0 0 ? ? ? ? 0 ? 0 ? ? 0 0 ? x x x x x 0 ? ? x ? ? x 0 0 0 0 ? x x ? ? x ? ? 0 x 0 ? ? ? 0 ? ? ? ? ? 0 ? 0 0 0 0 0 ? ? ? ? 0 x ? ? ? 0 ? ? ? ? 0 ? 0 0 ? ? ? ? 0 0 ? ? ? 0 ? ? ? 0 ? 0 0 ? 0 0 0 0 ? 0 ? ? ? ? 0 ? ? x 0 ? ? 0 0 ? ? ? ? ? 0 0 ? x x x ? ? 0 0 ? 0 ? ? ? x ? ? ? ? ? ? ? x ? x ? x 0 ? ? x x ? x ? ? 0 ? 0 ? ? ? ? 0 ? ? x ? ? x ? 0 ? ? ? 0 ? ? 0 0 0 ? x 0 0 ? 0 0 0 0 ? 0 0 ? 0 ? ? 0 ? 0 ? ? 0 ? ? 0 ? 0 ? 0 0 0 0 0 ? ? x 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? ? 0 0 0 ? 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? 0 ? 0 0 0 ? ? ? 0 0 ? ? 0 0 0 ? ? ? 0 0 ? 0 0 0 ? 0 0 ? 0 0 x ? ? 0 ? 0 ? ? ? ? ? ? 0 ? ? 0 0 ? ? 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? ? ? ? ? 0 ? ? ? 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 ? 0 ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 ? ? ? ? ? 0 ? 0 ? 0 ? 0 0 0 0 ? ? 0 ? ? 0 0 0 ? 0 ? ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 ? ? ? 0 0 ? ? ? ? ? ? ? 0 0 0 0 0 0 0 ? ? 0 ? ? ? 0 0 0 0 0 0 ? ? 0 ? ? ? ? 0 0 x ? 0 ? ? ? ? ? ? ? ? ? 0 0 0 0 ? ? ? ? ? 0 ? ? ? ? ? ? 0 0 0 0 ? 0 ? ? 0 ? ? ? ? ? 0 0 0 ? ? ? ? 0 0 ? ? ? ? 0 0 ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 0 ? 0 0 ? ? 0 0 0 0 0 0 0 1 0 1 0 0 2 0 2 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? x 0 0 ? 0 0 0 x ? x ? 0 0 ? ? ? ? ? ? ? 0 0 ? 0 0 ? 0 0 0 ? 0 0 x 0 0 0 0 0 0 0 0 ? ? 0 ? 0 ? 0 x 0 x 0 ? ? ? x x 0 ? ? ? ? ? ? ? ? ? x 0 ? ? 0 0 ? 0 0 0 ? 0 0 ? 0 0 0 ? ? 0 0 ? 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
c:\users\user\appdata\roaming\docker\stats.log	Read Attributes,Synchronize,Read Control,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKLM\software\securityhealthservice::userlogpath	C:\Users\Swvcrddi\AppData\Roaming\Docker\stats.log	RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent Show More ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtPowerInformation ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTerminateProcess ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtGdiAnyLinkedFonts win32u.dll!NtGdiBitBlt win32u.dll!NtGdiComputeXformCoefficients win32u.dll!NtGdiCreateBitmap win32u.dll!NtGdiCreateCompatibleBitmap win32u.dll!NtGdiCreateCompatibleDC win32u.dll!NtGdiCreateDIBitmapInternal win32u.dll!NtGdiCreateRectRgn win32u.dll!NtGdiCreateSolidBrush win32u.dll!NtGdiDeleteObjectApp win32u.dll!NtGdiDoPalette win32u.dll!NtGdiExcludeClipRect win32u.dll!NtGdiExtGetObjectW win32u.dll!NtGdiExtSelectClipRgn win32u.dll!NtGdiExtTextOutW win32u.dll!NtGdiFontIsLinked 93 additional items are not displayed above.
User Data Access	GetComputerNameEx GetUserObjectInformation
Anti Debug	IsDebuggerPresent
Service Control	StartServiceCtrlDispatcher

Trojan.Coinminer

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Trojan.Coinminer

File System Details

Registry Details

Directories

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Related Posts

Trending

Most Viewed