
Trojan.Coinminer.AHB

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 10,969
Threat Level: 80 % (High)
Infected Computers: 1,293
First Seen: August 30, 2022
Last Seen: March 9, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Coinminer.AHB
Signature status: No Signature

Known Samples

MD5: 11b886359af28f6236c266b631d13364
SHA1: ed722c179da27c70dfc1a6e484dd20651e9f70e9
SHA256: 61C06112FAE53854706E26562D0FE3FABD0B762813324B36098291F1D742929C
File Size: 3.75 MB, 3749907 bytes
MD5: 6f47a0955470a0f834aabcc89203d633
SHA1: 9df86d692ead33faea283a9fdcf069e2f1905f88
SHA256: 37DFE946E03D1177B344D88C064F20628FD6B28516EC33CB2CDD73FE56D3BF7C
File Size: 9.78 MB, 9781760 bytes
MD5: 94d47ed8f261669f43bb25767c625d07
SHA1: bb02921b4e8b3bf4d2b1f6881a98136b61c30c61
SHA256: 47663952A4E301950105051AAD41BB6D496F808A39EBD96566DC437A473F102A
File Size: 5.81 MB, 5808017 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • Bitcoin2
  • Dash
File Description
  • bitcoin2d (OSS daemon/client for Bitcoin2)
  • dash-tx (CLI Dash transaction editor utility)
File Version
  • 2.3.0.0
  • 0.12.1.5
Internal Name
  • bitcoin2d
  • dash-tx
Legal Copyright
  • 2009-2017 The Bitcoin Core Developers, 2014-2017 The Dash Core Developers
  • 2009-2020 The Bitcoin Core Developers, 2014-2020 The Dash Core Developers, 2015-2020 The PIVX Core Developers, 2017-2020 The Bitcoin 2 Core Developers
Legal Trademarks1
  • Distributed under the MIT/X11 software license, see the accompanying file COPYING or http://www.opensource.org/licenses/mit-license.php.
  • Distributed under the MIT software license, see the accompanying file COPYING or http://www.opensource.org/licenses/mit-license.php.
Original Filename
  • bitcoin2d.exe
  • dash-tx.exe
Product Name
  • bitcoin2d
  • dash-tx
Product Version
  • 2.3.0.0
  • 0.12.1.5

File Traits

  • big overlay
  • dll
  • x64

Block Information

Total Blocks: 16,408
Potentially Malicious Blocks: 2,318
Whitelisted Blocks: 12,466
Unknown Blocks: 1,624

Visual Map

[Block-by-block visual map omitted; the source data was truncated. Legend: 0 - Probable Safe Block, ? - Unknown Block, x - Potentially Malicious Block]

Similar Families

  • Bitcoinminer.BDF
  • Bitcoinminer.BDG
  • Coinminer.AHB

Files Modified

File Attributes
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\bitcoin2\.cookie Generic Write,Read Attributes
c:\users\user\appdata\roaming\bitcoin2\.lock Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\bitcoin2\.lock Generic Write,Read Attributes
c:\users\user\appdata\roaming\bitcoin2\bitcoin2.conf Generic Write,Read Attributes
c:\users\user\appdata\roaming\bitcoin2\debug.log Generic Write,Read Attributes
c:\users\user\appdata\roaming\bitcoin2\masternode.conf Generic Write,Read Attributes

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtLockVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTerminateProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnlockVirtualMemory
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Encryption Used
  • CryptAcquireContext
User Data Access
  • GetUserObjectInformation
Network Winsock2
  • WSAStartup
Network Winsock
  • accept
  • bind
  • closesocket
  • connect
  • freeaddrinfo
  • getaddrinfo
  • gethostbyname
  • getnameinfo
  • getsockname
  • setsockopt
  • socket
