SmCredential.exe Trojan CoinMiner Analysis

Trojan CoinMiner

Updated on 2024-10-16 (2 months ago)

Online Virus Checker	v.1.0.192.174
DB Version:	2024-10-16 03:00:36

Trojan.Win64.CoinMiner.ca

CoinMiner is a type of malware that harnesses the victim's computer resources, primarily CPU and RAM, to engage in cryptocurrency mining, such as for Monero or Zcash. This malware establishes persistence by integrating an open-source mining tool into the system's startup routine without the user's consent. Advanced coin miners often employ techniques like timer configurations or CPU usage limits to operate discreetly and avoid detection.

File	SmCredential.exe
Checked	2024-10-16 01:00:46
MD5	6eba6b2af8f709303bc9ead4fac658db
SHA1	b4818c8adb4567d87ba83d3284a33e9c10f8f3d2
SHA256	41de08416967de58073203a4a231c2b6d93511a1880d1ec5786a3cb0c1b63f42
SHA512	abd5719f65eda958b46e24b5bad6509a2c0b2099583a7c7550bee1d819d8d3cdaf8042e56f34832bf37c7ba9f9bf7d377d4bbe74ea55e3e3f6079b8e548ebc2a
Imphash	12806e48b853545b536463546db4baa1
File Size	6346752 bytes

Trojan.Win64.CoinMiner.ca Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win64.CoinMiner.ca without requiring further user intervention.

Start by downloading Gridinsoft Anti-Malware to your computer.
Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
Click on the "Standard Scan" button.
After the scanning process is finished, click on "Clean Now" to remove any detected threats.
If prompted, restart your system to complete the removal process.

File Version Information

CompanyName	Microsoft Corporation
FileDescription	Segnalazione errori applicazioni Microsoft
FileVersion	10.0.2627
InternalName	DWIntl
LegalCopyright	Copyright© Microsoft Corporation 1999-2001. Tutti i diritti riservati.
LegalTrademarks1	Microsoft® è un marchio registrato di Microsoft Corporation.
LegalTrademarks2	Windows® è un marchio registrato di Microsoft Corporation.
OriginalFilename	DWIntl.Dll
ProductName	Microsoft Application Error Reporting
ProductVersion	10.0.2627
Built by	OFFMSO7
Translation	0x0410 0x04e4

Portable Executable Info

	e978c4085c6c2cba0a6e5f6871491494 da7d02a73d2003a54f3910a556e8e28e b0b5fd2ece80c4c4
Image Base:	0x140000000
Entry Point:	0x1403e01a4
Compilation:	2024-08-11 18:16:41
Checksum:	0x00000000 (Actual: 0x00614297)
OS Version:	6.0
PEiD:	PE32+ executable (console) x86-64, for MS Windows
Sign:	The PE file does not contain a certificate table.
Sections:	10
Imports:	WS2_32, IPHLPAPI, USERENV, CRYPT32, KERNEL32, USER32, SHELL32, ole32, ADVAPI32, bcrypt,
Exports:	0
Resources:	10

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Entropy
.text	0x00001000	0x0041a478	0x0041a600	7bfa50ff80e175efdc3f63b945917ffd	6.52
.rdata	0x0041c000	0x001a6e22	0x001a7000	45ad955dcfec3415d214ef4e759878b5	6.17
.data	0x005c3000	0x002af4d4	0x00010200	21bcb66e26a5153208ee0e5b0674ac6a	4.02
.pdata	0x00873000	0x0002a528	0x0002a600	3216f277e28eeb2a10e798f3c405f411	6.32
_RANDOMX	0x0089e000	0x00000c56	0x00000e00	9ee63642b94966ecb630ee0843e46b26	5.68
_TEXT_CN	0x0089f000	0x000026d1	0x00002800	afea7882aa31e5987db2f12b8933de56	6.08
_TEXT_CN	0x008a2000	0x00001184	0x00001200	409bf3f918f2402291cb56c2e9354b47	6.05
_RDATA	0x008a4000	0x000000f4	0x00000200	9e68fee697a3137ad662934ab8ec793e	2.46
.rsrc	0x008a5000	0x00002000	0x00001600	30021c146d62bdf6950ba42238d7f666	3.00
.reloc	0x008a7000	0x0000b5a0	0x0000b600	2db71728c819782830a4bc6de4955950	5.46