Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Bitcoinminer.KG

Trojan.Bitcoinminer.KG

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 24,439
Threat Level: 80 % (High)
Infected Computers: 15
First Seen: May 9, 2021
Last Seen: February 6, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Bitcoinminer.KG
Signature status: Hash Mismatch

Known Samples

MD5: b86ea8203669c4f1799fe656a1fcda05
SHA1: 0d0635b72d8af92e36aa013250a5986d920906f5
SHA256: 95AE57EF78A5FFFFBB6C2C5E6AB708CA87658C6E7BBC24A7E83545D506E5C37E
File Size: 406.29 KB, 406288 bytes
MD5: 2acaad9d644a4840fa2429c42f6f8b93
SHA1: e4ae5e4369bffc921846d7f5846b437a81a268e5
SHA256: 4E6899FF5871398419A90CEF6FBD3A7B20C4C5650E3420CF8E26E6169450C06E
File Size: 432.54 KB, 432544 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
File Description NVIDIA Corporation
File Version 2.35.0
Internal Name NVIDIA WMI Provider
Legal Copyright (C) 2020 NVIDIA Corporation. All rights reserved.
Original Filename Nvwmi64.exe
Product Name NVIDIA WMI Provider
Product Version 2.35.0

Digital Signatures

Signer Root Status
BeiJing IQIYI Science & Techonology Co.,Ltd DigiCert SHA2 Assured ID Code Signing CA Hash Mismatch
Microsoft Windows Hardware Compatibility Publisher Microsoft Windows Third Party Component CA 2012 Hash Mismatch
NVIDIA Corporation VeriSign Universal Root Certification Authority Hash Mismatch

File Traits

  • HighEntropy
  • x86

Block Information

Total Blocks: 986
Potentially Malicious Blocks: 8
Whitelisted Blocks: 978
Unknown Blocks: 0

Visual Map

0 0 0 x x x 0 x 0 0 0 x x x x 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 2 0 0 0 0 0 0 0 0 0 0 0 0 1 0 2 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 1 1 0 3 1 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 2 3 0 0 0 0 2 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 2 2 0 0 1 0 0 0 1 1 1 0 1 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 1 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 1 0 0 0 2 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\windows\systemmvwmishell\mvwmishell.exe Generic Write,Read Attributes
c:\windows\systemmvwmishell\mvwmishell.exe Read Data,Read Attributes,Synchronize,Write Data
c:\windows\systemnvdksplay\nvdksplay.exe Generic Write,Read Attributes
c:\windows\systemnvdksplay\nvdksplay.exe Read Data,Read Attributes,Synchronize,Write Data

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\netcellcore mvwmishells::deletefiles c:\users\user\downloads\0d0635b72d8af92e36aa013250a5986d920906f5_0000406288 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 㴠ȁ龡^8獖} RegNtPreCreateKey
Show More
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\netcellcore mvwmishells::ksysnctgroup M2511180858-584C24A28CB1E5AA RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 㴡ȁ龡^9獖} RegNtPreCreateKey
HKLM\system\controlset001\services\netcellcore mvwmishells::ksysnctgroup M2511180858-4144455066F6BFE3 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 㴢ȁ龡^:獖} RegNtPreCreateKey
HKLM\system\controlset001\services\netcellcore mvwmishells::ksysnctgroup M2511180858-B7FF71965FABC67F RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 㴣ȁ龡^;獖} RegNtPreCreateKey
HKLM\system\controlset001\services\netcellcore mvwmishells::ksysnctgroup M2511180858-B5A8C466D3E7B38A RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 㴤ȁ龡^<獖} RegNtPreCreateKey
HKLM\system\controlset001\services\netcellcore mvwmishells::ksysnctgroup M2511180858-1E82461A4129DF20 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\services\netwellcore system nvdisplayshelle::deletefiles c:\users\user\downloads\e4ae5e4369bffc921846d7f5846b437a81a268e5_0000432544 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\netwellcore system nvdisplayshelle::ksysnctgroup M2602021904-295B335952EEA59E RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\netwellcore system nvdisplayshelle::ksysnctgroup M2602021904-17E5BD8CBD96B656 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\netwellcore system nvdisplayshelle::ksysnctgroup M2602021904-0CA72C833C28C1CE RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\netwellcore system nvdisplayshelle::ksysnctgroup M2602021904-9C3023307F58E1AA RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\netwellcore system nvdisplayshelle::ksysnctgroup M2602021904-7AA19E3A0E0ED581 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\netwellcore system nvdisplayshelle::ksysnctgroup M2602021904-0E62BA5DA0EDB455 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\netwellcore system nvdisplayshelle::ksysnctgroup M2602021904-C2BC52D2D28215C1 RegNtPreCreateKey

Windows API Usage

Category API
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • ShellExecute
Service Control
  • OpenSCManager
  • StartService

Shell Command Execution

open C:\WINDOWS\SystemMvwmiShell\MvwmiShell.exe
open C:\WINDOWS\SystemMvwmiShell\MvwmiShell.exe
open C:\WINDOWS\SystemMvwmiShell\MvwmiShell.exe
open C:\WINDOWS\SystemMvwmiShell\MvwmiShell.exe
open C:\WINDOWS\SystemMvwmiShell\MvwmiShell.exe
Show More
open C:\WINDOWS\SystemNVDksPlay\NVDksPlay.exe

Trending

Most Viewed

Loading...