Trojan.CoinLoader.AA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 16,379
Threat Level: 80 % (High)
Infected Computers: 194
First Seen: July 7, 2014
Last Seen: March 5, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.CoinLoader.AA
Signature status: No Signature

Known Samples

MD5: 70d9c46ab2f3c709835e11b0c40225c0
SHA1: 89b8343a5cfe42bade8f43fe52b0217320edd3d7
SHA256: 0E78733824C1CDF52B59DADF1FA5F8B4A7C59DCFDBACEB226EEE23F6CD04EA46
File Size: 1.21 MB, 1212928 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: Microsoft Corporation
File Description: Net Command
File Version: 10.0.19041.3636 (WinBuild.160101.0800)
Internal Name: net1.exe
Legal Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: net1.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 10.0.19041.3636

File Traits

  • HighEntropy
  • x86

Block Information

Total Blocks: 6,901
Potentially Malicious Blocks: 3,254
Whitelisted Blocks: 2,739
Unknown Blocks: 908

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Category: Process Manipulation Evasion
API: NtUnmapViewOfSection
