Trojan.Bitcoinminer.QB
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 14,357 |
|---|---|
| Threat Level: | 80 % (High) |
| Infected Computers: | 268 |
| First Seen: | January 30, 2023 |
| Last Seen: | March 30, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Trojan.Bitcoinminer.QB |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| File Version | 2. 1. 0. 0 |
| Legal Copyright | Copyright © 2001-2007 RICOH COMPANY, LTD. All rights reserved. |
| Product Version | 2, 1, 0, 0 |
File Traits
- big overlay
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 312 |
|---|---|
| Potentially Malicious Blocks: | 91 |
| Whitelisted Blocks: | 221 |
| Unknown Blocks: | 0 |
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- Bitcoinminer.QB
- NetBus.A