PUA.WIN64.TOOLXMR.GZ

This Coinminer arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be manually installed by a user.

It uses the system's central processing unit (CPU) and/or graphical processing unit (GPU) resources to mine cryptocurrency.

Arrival Details

This Coinminer arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It may be manually installed by a user.

Other Details

This Coinminer does the following:

• It does not need specific arguments/parameters if a configuration file "config.json" is found in the same directory.

It accepts the following parameters:

• -a, --algo=ALGO specify the algorithm to use [scrypt(N, 1, 1), SHA-256d, Shabal-256 MemoHash, Blake-256 14-rounds (SFR), Blake-256 single sha256 merkle, Blake2-S (256), BMW 256, C11, Cryptonight-light, Monero, Diamond-Groestl, Fresh, GroestlCoin, Heavy, Keccak, Luffa, Lyra2RE, Lyra2REv2 (Vertcoin), Myriad-Groestl, M7-M (Magicoin), NeoScrypt(128, 2, 1), Nist5, Pluck:128 (Supcoin), Pentablake, Quark, Qubit, Shavite3, Skein+Sha (Skeincoin), Double Skein (Woodcoin), S3, SibCoin, MachineCoin, Blake-256 8-rounds, VeltorCoin, Permuted x11, X11, X13, X14, X15, X17, ZR5]
• -o, --url=URL URL of mining server
• -O, --userpass=U:P username:password pair for mining server
• -u, --user=USERNAME username for mining server
• -p, --pass=PASSWORD password for mining server
• --cert=FILE certificate for mining server using SSL
• -x, --proxy=[PROTOCOL://]HOST[:PORT] connect through a proxy
• -t, --threads=N number of miner threads (default: number of processors)
• -r, --retries=N number of times to retry if a network call fails
• -R, --retry-pause=N time to pause between retries, in seconds (default: 30)
• --time-limit=N maximum time [s] to mine before exiting the program.
• -T, --timeout=N timeout for long poll and stratum (default: 300 seconds)
• -s, --scantime=N upper bound on time spent scanning current work when long polling is unavailable, in seconds (default: 5)
• --randomize Randomize scan range start to reduce duplicates
• -f, --diff-factor Divide req. difficulty by this factor (std is 1.0)
• -m, --diff-multiplier Multiply difficulty by this factor (std is 1.0)
• -n, --nfactor neoscrypt N-Factor
• --coinbase-addr=ADDR payout address for solo mining
• --coinbase-sig=TEXT data to insert in the coinbase when possible
• --max-log-rate limit per-core hashrate logs (default: 5s)
• --no-longpoll disable long polling support
• --no-getwork disable getwork support
• --no-gbt disable getblocktemplate support
• --no-stratum disable X-Stratum support
• --no-extranonce disable Stratum extranonce support
• --no-redirect ignore requests to change the URL of the mining server
• -q, --quiet disable per-thread hashmeter output
• --no-color disable colored output
• -D, --debug enable debug output
• -P, --protocol-dump verbose dump of protocol-level activities
• --hide-diff hide submitted block and net difficulty
• -B, --background run the miner in the background
• --benchmark run in offline benchmark mode
• --cputest debug hashes from cpu algorithms
• --cpu-affinity set process affinity to cpu core(s), mask 0x3 for cores0 and 1
• --cpu-priority set process priority (default: 0 idle, 2 normal to 5 highest)
• --on-idle=secs compute on system idle (number of seconds)
• --on-idle-low=pct lower mining cpu percent, when miner is not active
• -b, --api-bind IP/Port for the miner API (default: 127.0.0.1:4048)
• --api-remote Allow remote control
• --max-temp=N Only mine if cpu temp is less than specified value (linux)
• --max-rate=N[KMG] Only mine if net hashrate is less than specified value
• --max-diff=N Only mine if net difficulty is less than specified value
• -M --monit=URL Send basic stats to a monitoring server
• --monit-time=S Interval between two monitor requests (seconds)
• -c, --config=FILE load a JSON-format configuration file
• -V, --version display version information and exit
• -h, --help display this help text and exit

It uses the system's central processing unit (CPU) and/or graphical processing unit (GPU) resources to mine cryptocurrency. This behavior makes the system run abnormally slow.