Trojan.Bitcoinminer.C

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 10,262
Threat Level: 80 % (High)
Infected Computers: 7,236
First Seen: May 8, 2017
Last Seen: February 11, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Bitcoinminer.C
Packers: UPX x64
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Comments: Modified by an unpaid evaluation copy of Resource Tuner 2 (www.heaventools.com)
Company Name: Microsoft Corporation
File Description: Процесс исполнения клиент-сервер
File Version: 6.1.7600.16385
Internal Name: CSRSS.Exe
Legal Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: CSRSS.Exe
Product Name: Microsoft® Windows® Operating System
Product Version: 6.1.7600.16385

File Traits

  • GetConsoleWindow
  • HighEntropy
  • No Version Info
  • packed
  • RT
  • x64

Block Information

Total Blocks: 23,780
Potentially Malicious Blocks: 7,827
Whitelisted Blocks: 15,953
Unknown Blocks: 0

Similar Families

  • Bitcoinminer.C
  • Bitcoinminer.CBA

Windows API Usage

Category: Syscall Use
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTerminateProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
