Analysis by: Maria Emreen Viray

ALIASES:

RiskTool.Win64.BitCoinMiner.bmi (KASPERSKY); Riskware/CoinMiner (FORTINET)

PLATFORM:

Windows

OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:

  • Threat Type: Potentially Unwanted Application

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

Infection Channel: Downloaded from the Internet

This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It does not have any propagation routine.

It does not have any backdoor routine.

It uses the system's central processing unit (CPU) and/or graphics processing unit (GPU) resources to mine cryptocurrency.

  TECHNICAL DETAILS

File Size: 1,805,824 bytes
File Type: EXE
Memory Resident: Yes
Initial Samples Received Date: 23 Aug 2021
Payload: Use system resources

Arrival Details

This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Propagation

This Potentially Unwanted Application does not have any propagation routine.

Backdoor Routine

This Potentially Unwanted Application does not have any backdoor routine.

Rootkit Capabilities

This Potentially Unwanted Application does not have rootkit capabilities.

Other Details

This Potentially Unwanted Application does the following:

  • needs specific components to continue with its routine:
    • libcurl.dll
    • msvcp120.dll
    • msvcr120.dll
    • OpenCL.dll
    • cudart64_80.dll
  • supports the following features:
    • OpenCL mining
    • Nvidia CUDA mining
    • realistic benchmarking against arbitrary epoch/DAG/blocknumber
    • on-GPU DAG generation (no more DAG files on disk)
    • stratum mining without proxy
    • OpenCL devices picking
    • farm failover (getwork + stratum)

It accepts the following parameters:

  • Work farming mode:
    • -F, --farm → enable mining farm mode with the work server at URL (default: http://127.0.0.1:8545)
    • -FF, -FO, --farm-failover, --stratum-failover → failover getwork/stratum URL (default: disabled)
    • --farm-retries → number of retries until switching to failover (default: 3)
    • -S, --stratum → enable stratum mode with the stratum server at host:port
    • -FS, --failover-stratum → failover stratum server at host:port
    • -O, --userpass → stratum login credentials
    • -FO, --failover-userpass → failover stratum login credentials (optional; the normal credentials are used when omitted)
    • --work-timeout → reconnect/failover after n seconds of working on the same (stratum) job (default: 180)
    • -SC, --stratum-client → stratum client version (default: 1)
    • -SP, --stratum-protocol → choose which stratum protocol to use:
      • 0: official stratum spec: ethpool, ethermine, coinotron, mph, nanopool (default)
      • 1: eth-proxy compatible: dwarfpool, f2pool, nanopool
      • 2: EthereumStratum/1.0.0: nicehash
    • -SE, --stratum-email <s> → email address used in eth-proxy (optional)
    • --farm-recheck → leave n ms between checks for changed work (default: 500)
  • Benchmarking mode:
    • -M [<n>], --benchmark [<n>] → benchmark for mining and exit (optional: specify block number to benchmark against a specific DAG)
    • --benchmark-warmup → set the duration of warmup for the benchmark tests (default: 3)
    • --benchmark-trial → set the duration for each trial for the benchmark tests (default: 3)
    • --benchmark-trials → set the number of trials for the benchmark tests (default: 5)
  • Simulation mode:
    • -Z [<n>], --simulation [<n>] → mining test mode (optional: specify block number)
  • Mining configuration:
    • -G,--opencl → use the GPU via OpenCL in mining
    • -U,--cuda → use the GPU via CUDA in mining
    • -X,--cuda-opencl → use OpenCL + CUDA in a system with mixed AMD/Nvidia cards.
    • --opencl-platform → when mining using -G/--opencl, use OpenCL platform n (default: 0)
    • --opencl-device → when mining using -G/--opencl, use OpenCL device n (default: 0)
    • --opencl-devices <0 1 ..n> → select which OpenCL devices to mine on (default: all)
    • -t, --mining-threads → limit number of CPU/GPU miners to n (default: use everything available)
    • --allow-opencl-cpu → allows CPU to be considered as an OpenCL device if the OpenCL platform supports it
    • --list-devices → list the detected OpenCL/CUDA devices and exit (used with -G or -U flag)
    • -L, --dag-load-mode → DAG generation modes:
      • parallel → load DAG on all GPUs at the same time (default)
      • sequential → load DAG on GPUs one after another (use when the miner crashes during DAG generation)
      • single → generate DAG on device n, then copy to other devices
    • --cl-extragpu-mem → set aside memory (in MB) for other than mining (default: 0)
    • --cl-local-work → set the OpenCL local work size (default: 64)
    • --cl-global-work → set the OpenCL global work size as a multiple of the local work size (default: 4096 * 64)
    • --cuda-extragpu-mem → set the memory (in MB) for other than mining (default: 0)
    • --cuda-block-size → set the CUDA block work size (default: 128)
    • --cuda-grid-size → set the CUDA grid size (default: 8192)
    • --cuda-streams → set the number of CUDA streams (default: 2)
    • --cuda-schedule → set the schedule mode for CUDA threads waiting for CUDA devices to finish work; modes are:
      • auto → uses a heuristic based on the number of active CUDA contexts
      • spin → instruct CUDA to actively spin when waiting for results from the device
      • yield → instruct CUDA to yield its thread when waiting for results from the device
      • sync → instruct CUDA to block the CPU thread on a synchronization primitive when waiting for the results from the device (default)
    • --cuda-devices <0 1 ..n> → select which CUDA GPUs to mine on (default: all)
  • General Options:
    • -v,--verbosity <0 - 9> → set the log verbosity from 0 to 9 (default: 8)
    • -V,--version → show the version
    • -h,--help → show help message
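The parameter list above is also a triage aid: the pool endpoint (-S/-F), the login string (-O, which on Ethash pools normally carries the payout address and worker name) and the GPU backend flags are what an incident responder wants out of a captured process command line. The following is an added example, not Trend Micro's or the ethminer project's code; the flag tables are transcribed from the list above, the heuristic in `is_miner_like` is this example's own, and the process-creation records are constructed sample data with placeholder hostnames and wallet.

```python
import shlex
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Added example: IR triage parser for the ethminer-style parameters listed above.
# Not Trend Micro's or the ethminer project's code. Flag tables are transcribed
# from the write-up; -FO is listed there under both the failover URL and the
# failover login, so its unambiguous long form --failover-userpass decides here.
VALUE_FLAGS: Dict[str, str] = {  # flags that take exactly one value
    "-F": "farm_url", "--farm": "farm_url", "-FF": "failover_url",
    "--farm-failover": "failover_url", "--stratum-failover": "failover_url",
    "--farm-retries": "farm_retries", "-S": "stratum", "--stratum": "stratum",
    "-FS": "failover_stratum", "--failover-stratum": "failover_stratum",
    "-O": "userpass", "--userpass": "userpass", "-FO": "failover_userpass",
    "--failover-userpass": "failover_userpass", "--work-timeout": "work_timeout",
    "-SC": "stratum_client", "--stratum-client": "stratum_client",
    "-SP": "stratum_protocol", "--stratum-protocol": "stratum_protocol",
    "-SE": "stratum_email", "--stratum-email": "stratum_email",
    "--farm-recheck": "farm_recheck", "--benchmark-warmup": "benchmark_warmup",
    "--benchmark-trial": "benchmark_trial", "--benchmark-trials": "benchmark_trials",
    "--opencl-platform": "opencl_platform", "--opencl-device": "opencl_device",
    "-t": "mining_threads", "--mining-threads": "mining_threads",
    "-L": "dag_load_mode", "--dag-load-mode": "dag_load_mode",
    "--cl-extragpu-mem": "cl_extragpu_mem", "--cl-local-work": "cl_local_work",
    "--cl-global-work": "cl_global_work", "--cuda-extragpu-mem": "cuda_extragpu_mem",
    "--cuda-block-size": "cuda_block_size", "--cuda-grid-size": "cuda_grid_size",
    "--cuda-streams": "cuda_streams", "--cuda-schedule": "cuda_schedule",
    "-v": "verbosity", "--verbosity": "verbosity",
}
OPTIONAL_VALUE_FLAGS = {"-M": "benchmark", "--benchmark": "benchmark",  # block number optional
                        "-Z": "simulation", "--simulation": "simulation"}
BOOL_FLAGS = {"-G": "opencl", "--opencl": "opencl", "-U": "cuda", "--cuda": "cuda",
              "-X": "cuda_opencl", "--cuda-opencl": "cuda_opencl", "--list-devices": "list_devices",
              "--allow-opencl-cpu": "allow_opencl_cpu", "-V": "version", "--version": "version",
              "-h": "help", "--help": "help"}
LIST_FLAGS = {"--opencl-devices": "opencl_devices", "--cuda-devices": "cuda_devices"}  # up to next flag


def _split_windows(cmdline: str) -> List[str]:
    """Whitespace-split a Windows command line; backslashes stay literal, quotes are removed."""
    lex = shlex.shlex(cmdline, posix=False)
    lex.whitespace_split, lex.commenters = True, ""
    return [tok.strip('"') for tok in lex]


@dataclass
class MinerCommandLine:
    image: str
    options: Dict[str, object] = field(default_factory=dict)
    unrecognized: List[str] = field(default_factory=list)

    def pool_endpoints(self) -> List[str]:
        keys = ("stratum", "failover_stratum", "farm_url", "failover_url")
        return [str(self.options[k]) for k in keys if k in self.options]

    def backend(self) -> Optional[str]:
        names = (("cuda_opencl", "cuda+opencl"), ("cuda", "cuda"), ("opencl", "opencl"))
        return next((name for key, name in names if self.options.get(key)), None)

    def is_miner_like(self) -> bool:
        # Triage heuristic, not a verdict: pool/login plus another documented flag,
        # or a GPU backend combined with a benchmark or simulation run.
        has_target = bool(self.pool_endpoints()) or "userpass" in self.options
        bench = "benchmark" in self.options or "simulation" in self.options
        return (has_target and len(self.options) >= 2) or (self.backend() is not None and bench)


def parse_miner_cmdline(cmdline: str) -> MinerCommandLine:
    tokens = _split_windows(cmdline)
    res, args, i = MinerCommandLine(image=tokens[0] if tokens else ""), tokens[1:], 0
    while i < len(args):
        tok, nxt = args[i], args[i + 1] if i + 1 < len(args) else None
        if tok in BOOL_FLAGS:
            res.options[BOOL_FLAGS[tok]], i = True, i + 1
        elif tok in VALUE_FLAGS and nxt is not None:
            res.options[VALUE_FLAGS[tok]], i = nxt, i + 2
        elif tok in OPTIONAL_VALUE_FLAGS:
            numeric = nxt is not None and nxt.isdigit()
            res.options[OPTIONAL_VALUE_FLAGS[tok]] = int(nxt) if numeric else True
            i += 2 if numeric else 1
        elif tok in LIST_FLAGS:
            j = i + 1
            while j < len(args) and not args[j].startswith("-"):
                j += 1
            res.options[LIST_FLAGS[tok]], i = args[i + 1:j], j
        else:
            res.unrecognized.append(tok)  # anything the write-up does not document
            i += 1
    return res


# Constructed process-creation records (Windows Security 4688 shape, reduced to two
# fields); hostnames and wallet are placeholders, not real infrastructure.
SAMPLE_EVENTS = [
    {"NewProcessName": r"C:\Users\Public\Libraries\svchost.exe",
     "CommandLine": r'"C:\Users\Public\Libraries\svchost.exe" -U -S eu1.pool.example:4444 '
                    r"-O 0x0123456789abcdef0123456789abcdef01234567.rig01 -SP 0 --cuda-devices 0 1 --farm-recheck 200"},
    {"NewProcessName": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs -p -s Schedule"},
    {"NewProcessName": r"C:\Tools\bench\ethminer.exe",
     "CommandLine": r'"C:\Tools\bench\ethminer.exe" -G -M 1000000 --opencl-device 1'},
]


def triage_events(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """One finding per miner-like process, with the fields an analyst pivots on."""
    findings = []
    for ev in events:
        parsed = parse_miner_cmdline(ev["CommandLine"])
        if parsed.is_miner_like():
            findings.append({"image": ev["NewProcessName"], "pools": parsed.pool_endpoints(),
                             "login": parsed.options.get("userpass"), "backend": parsed.backend()})
    return findings
```

Running `triage_events(SAMPLE_EVENTS)` flags the renamed binary under `C:\Users\Public\Libraries` (stratum pool, login and CUDA backend extracted) and the benchmark run, while the genuine `svchost.exe -k netsvcs` line has no documented flags and is left alone. Flags are matched case-sensitively, which is why `-s Schedule` is not mistaken for `-S`; the heuristic is a hunting aid and any hit still needs the file itself checked, for instance against the 1,805,824-byte size and the DLL set listed above.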

It does not exploit any vulnerability.

It uses the system's central processing unit (CPU) and/or graphics processing unit (GPU) resources to mine cryptocurrency. This behavior makes the system run abnormally slow.

  SOLUTION

Minimum Scan Engine: 9.800
SSAPI PATTERN File: 2.437.00
SSAPI PATTERN Date: 26 Aug 2021

Step 1

Before doing any scans, Windows 7, Windows 8, Windows 8.1, and Windows 10 users must disable System Restore to allow full scanning of their computers.

Step 2

Scan your computer with your Trend Micro product to delete files detected as PUA.Win64.ToolETH.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information:

