PUP.Coiner.A

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.Coiner.A
Signature status:	No Signature

Known Samples

MD5: dfbc97e90a8fa55c58943b637121b657

SHA1: eb8db937d2570701263b027a8f1c654e5cc8119e

File Size: 9.05 MB, 9053696 bytes

MD5: e5d03ff4881557b22954bb0c6ddb680f

SHA1: cd747bfb07a6f3883de7c326d7ac36c467f84d32

SHA256: 80E08307CAC0D9D014433E1C4DD5DB2ACF60EB068BC3B9FC6D0709A3A4841E97

File Size: 6.15 MB, 6152206 bytes

MD5: ee3594f47f70042f92da2e256ab10d93

SHA1: e98553234f30bd3a3f17b57005b8868b5c007271

SHA256: 86E5AE98F3EB1D853BCB8F60E5B3891C699E081DF0454E8861B65877E0EEF7E0

File Size: 8.85 MB, 8848384 bytes

MD5: 5ee1e751eee7443cc82396c864e67731

SHA1: 162051824906f857ca446e7867850e47a444e755

SHA256: 9F259190B3C3163710CDDE737D3C1BA0BE63EBC6558FA6E847F400545E50971F

File Size: 6.32 MB, 6319630 bytes

MD5: 4e57b5e36d7cdaf00d7df883ee2c9571

SHA1: ab73ed7e62a4f07dbf362a1d18a030422939d69b

SHA256: CCDDB2DC6BA8953D91BABC7D92D3D13A6B88B83A2EC37765233C47F8D85D0253

File Size: 9.61 MB, 9609728 bytes

MD5: 3eadf61d79ebb1cfc54fcf1e09131b4a

SHA1: 507d9a255af64011f952d8c8832319b7c0773834

SHA256: 4724A8AD62407BAB5277A0720C5B2399333EB383DFF056C3FEA2AF3DA879A58E

File Size: 6.52 MB, 6524942 bytes

MD5: 73a7691512780ae0d02b41f13e807157

SHA1: fd8e57198bb6d6cde9638078f5194954260b5358

SHA256: 550A198D6106B18B26C5BAD54F6CB622E848CAFC38DB9D80425495F77486F45E

File Size: 8.06 MB, 8057278 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has exports table
File has TLS information
File is 32-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)

File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Company Name	Bitcoin Dogecoin Fortcoin
Company Website	http://dogecoin.com
File Description	bitcoind (Bitcoin node with a JSON-RPC server) Dogecoin-Qt (OSS GUI client for Dogecoin) Fortcoind (OSS daemon/client for Fortcoin)
File Version	1.12.0.2 1.6.0.0 1.5.0.0 1.1.0.0
Internal Name	bitcoind dogecoin-qt Fortcoind
Legal Copyright	2009-2016 The Bitcoin Core Developers, 2014-2016 The Fortcoin Core Developers 2017 The ATBcoin Core developers Dogecoin developers 2013-2014, Litecoin developers, The Bitcoin developers 2009-2013
Legal Trademarks1	Distributed under the MIT/X11 software license, see the accompanying file COPYING or http://www.opensource.org/licenses/mit-license.php. Distributed under the MIT software license, see the accompanying file COPYING or http://www.opensource.org/licenses/mit-license.php.
Original Filename	bitcoind.exe dogecoin-qt.exe Fortcoind.exe
Product Name	bitcoind Dogecoin Dogecoin-Qt Fortcoind
Product Version	1.12.0.2 1.6.0.0 1.5.0.0 1.1.0.0

File Traits

HighEntropy
No Version Info
x86

Block Information

Similar Families

Coiner.A

Files Modified

File	Attributes
\device\namedpipe\srvsvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsl676.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl676.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl676.tmp\modern-wizard.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl676.tmp\nsdialogs.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl676.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw666.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\roaming\digigems\.lock	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\digigems\.lock	Generic Write,Read Attributes

c:\users\user\appdata\roaming\digigems\__db.001	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\digigems\__db.80000001.19d4743f	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\digigems\blocks\blk00000.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\digigems\blocks\index\000001.dbtmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\digigems\blocks\index\000002.dbtmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\digigems\blocks\index\000003.log	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\digigems\blocks\index\current	Synchronize,Write Data
c:\users\user\appdata\roaming\digigems\blocks\index\log	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\digigems\blocks\index\manifest-000001	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\digigems\blocks\index\manifest-000002	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\digigems\chainstate\000001.dbtmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\digigems\chainstate\000002.dbtmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\digigems\chainstate\000003.log	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\digigems\chainstate\current	Synchronize,Write Data
c:\users\user\appdata\roaming\digigems\chainstate\log	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\digigems\chainstate\manifest-000001	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\digigems\chainstate\manifest-000002	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\digigems\database\log.0000000001	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\digigems\db.log	Generic Write,Read Attributes
c:\users\user\appdata\roaming\digigems\debug.log	Generic Write,Read Attributes
c:\users\user\appdata\roaming\digigems\wallet.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\digigems\wallet.dat	Synchronize,Write Data
c:\users\user\downloads\temp\shsandbox-win32.dll-5.22.1.9999-x86.dmp	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\services\.net clr data\linkage::export	.NET CLR Data	RegNtPreCreateKey
HKLM\system\controlset001\services\.net clr networking\linkage::export	.NET CLR Networking	RegNtPreCreateKey
HKLM\system\controlset001\services\.net data provider for oracle\linkage::export	.NET Data Provider for Oracle	RegNtPreCreateKey
HKLM\system\controlset001\services\.net data provider for sqlserver\linkage::export	.NET Data Provider for SqlServer	RegNtPreCreateKey
HKLM\system\controlset001\services\msdtc bridge 3.0.0.0\linkage::export	MSDTC Bridge 3.0.0.0	RegNtPreCreateKey
HKLM\system\controlset001\services\servicemodelendpoint 3.0.0.0\linkage::export	ServiceModelEndpoint 3.0.0.0	RegNtPreCreateKey
HKLM\system\controlset001\services\servicemodeloperation 3.0.0.0\linkage::export	ServiceModelOperation 3.0.0.0	RegNtPreCreateKey
HKLM\system\controlset001\services\servicemodelservice 3.0.0.0\linkage::export	ServiceModelService 3.0.0.0	RegNtPreCreateKey
HKLM\system\controlset001\services\smsvchost 3.0.0.0\linkage::export	SMSvcHost 3.0.0.0	RegNtPreCreateKey
HKLM\system\controlset001\services\windows workflow foundation 3.0.0.0\linkage::export	Windows Workflow Foundation 3.0.0.0	RegNtPreCreateKey

HKLM\system\controlset001\services\bits\performance::1008	ʟ幑ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bits\performance::1008	ꏭ㭈醂ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\msdtc\performance::1009	⭃㭱醂ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\msdtc\performance::disable performance counters		RegNtPreCreateKey

Windows API Usage

Category	API
Network Winsock2	WSAStartup
Encryption Used	CryptAcquireContext
User Data Access	GetComputerName GetUserObjectInformation
Network Winsock	bind freeaddrinfo getaddrinfo getnameinfo setsockopt socket

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.Coiner.A

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Trojan.Downloader.ConsCorr

Trojan.Vapsup

Trojan.Vundo.HM

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen