Report - github.com/BitcoinInterestOfficial/BitcoinInterest/releases/download/2.1/progpowminer-amd-windows-0.16_final.zip

Report Overview

Submitted URL
github.com/BitcoinInterestOfficial/BitcoinInterest/releases/download/2.1/progpowminer-amd-windows-0.16_final.zip
IP
140.82.121.4
ASN
#36459 GITHUB
Submitted
2024-04-20 10:07:33
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
github.com	1423	2007-10-09	2016-07-13	2024-03-24	566 B	4.0 kB	140.82.121.4
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2024-04-20	1.0 kB	1.4 MB	185.199.108.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
objects.githubusercontent.com/github-production-release-asset-2e65be/115038373/44b4cf80-c561-11e8-85ef-b180d7d5c42a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240420%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240420T100707Z&X-Amz-Expires=300&X-Amz-Signature=d0df217bdf10aeb0feb8991817e0f01c625642cb64acaccdd00351852fe486b7&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=115038373&response-content-disposition=attachment%3B%20filename%3Dprogpowminer-amd-windows-0.16_final.zip&response-content-type=application%2Foctet-stream
IP
185.199.108.133
ASN
#54113 FASTLY

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.4 MB (1412819 bytes)
Hash
bad21412933797f7be107be05d783fc0
40e78500775e81f43bbd158f087172b9e8b2ca54
2ba7f003cba5d81d69b63d45cf8c65f099a7d77bf04aa398524cef294754fe91

Archive (40)

Filename

Md5

File type

ethash_baffin_lws128.bin

2522068d75f78b26b88596f5b982c5ab

ELF 64-bit LSB executable, *unknown arch 0xffffaf5b* version 1 (SYSV)

._ethash_baffin_lws128.bin

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

ethash_tonga_lws192.bin

87266567aefc455b5e5ab6ca159b6f18

ELF 64-bit LSB executable, *unknown arch 0xffffaf5b* version 1 (SYSV)

._ethash_tonga_lws192.bin

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

ethash_gfx901_lws192.bin

de95c0b5d3433859b740c592f9916c86

ELF 64-bit LSB executable, *unknown arch 0xffffaf5b* version 1 (SYSV)

._ethash_gfx901_lws192.bin

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

ethash_ellesmere_lws256.bin

b9667e9fb397b0c35dd0d606313fe797

ELF 64-bit LSB executable, *unknown arch 0xffffaf5b* version 1 (SYSV)

._ethash_ellesmere_lws256.bin

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

ethash_tonga_lws256.bin

ced87c2dfe90d023b2a1141d2fb4ef53

ELF 64-bit LSB executable, *unknown arch 0xffffaf5b* version 1 (SYSV)

._ethash_tonga_lws256.bin

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

ethash_gfx901_lws256.bin

945d79bf0ec078df3ccae373bd8b334b

ELF 64-bit LSB executable, *unknown arch 0xffffaf5b* version 1 (SYSV)

._ethash_gfx901_lws256.bin

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

ethash_ellesmere_lws192.bin

899dec3b1090acdc4f9a85bfce1df7ba

ELF 64-bit LSB executable, *unknown arch 0xffffaf5b* version 1 (SYSV)

._ethash_ellesmere_lws192.bin

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

ethash_tonga_lws64.bin

8aaa9ce4ac4b8476790fe3ee1328bd67

ELF 64-bit LSB executable, *unknown arch 0xffffaf5b* version 1 (SYSV)

._ethash_tonga_lws64.bin

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

ethash_ellesmere_lws64.bin

da9ed0dfbecbc6384b6510b3349a9aed

ELF 64-bit LSB executable, *unknown arch 0xffffaf5b* version 1 (SYSV)

._ethash_ellesmere_lws64.bin

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

ethash_gfx901_lws64.bin

606e29709369932ec00c474d0b51e9d5

ELF 64-bit LSB executable, *unknown arch 0xffffaf5b* version 1 (SYSV)

._ethash_gfx901_lws64.bin

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

ethash_tonga_lws128.bin

84186079b2bc184756d660f1073a4bf9

ELF 64-bit LSB executable, *unknown arch 0xffffaf5b* version 1 (SYSV)

._ethash_tonga_lws128.bin

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

ethash_gfx901_lws128.bin

b81ecfbf02a3ce66e6e698f0e4a0d79b

ELF 64-bit LSB executable, *unknown arch 0xffffaf5b* version 1 (SYSV)

._ethash_gfx901_lws128.bin

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

ethash_baffin_lws64.bin

9048539b94fc9b90e0687f754f7c321c

ELF 64-bit LSB executable, *unknown arch 0xffffaf5b* version 1 (SYSV)

._ethash_baffin_lws64.bin

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

ethash_baffin_lws192.bin

6d5b707330115f8f6c6b7fd8c24ee9a6

ELF 64-bit LSB executable, *unknown arch 0xffffaf5b* version 1 (SYSV)

._ethash_baffin_lws192.bin

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

ethash_baffin_lws256.bin

b15cf685fb666b60f5bcd8a07c82028b

ELF 64-bit LSB executable, *unknown arch 0xffffaf5b* version 1 (SYSV)

._ethash_baffin_lws256.bin

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

ethash_ellesmere_lws128.bin

e7ef7ea3ffb6467cf5f4a3ba4e364b38

ELF 64-bit LSB executable, *unknown arch 0xffffaf5b* version 1 (SYSV)

._ethash_ellesmere_lws128.bin

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

._kernels

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

.DS_Store

d78b78143368edce56f4aa15e5f899d1

Apple Desktop Services Store

._.DS_Store

b9a94cc8f4aac450fb21641eaf065c6d

AppleDouble encoded Macintosh file

start.bat

cac4bd9f99aa8ea96d2fa57376609d9e

ASCII text, with CRLF line terminators

._start.bat

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

progpowminer-amd.exe

257585f3e7673740fdfde124e58a9a6d

PE32+ executable (console) x86-64, for MS Windows, 8 sections

._progpowminer-amd.exe

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

._progpowminer-amd-windows-0.16_final

04a835aecd855fd5706662ef1dd0f1d6

AppleDouble encoded Macintosh file

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects mining pool protocol string in Executable
Public Nextron YARA rules	malware	Detects mining pool protocol string in Executable
VirusTotal	malicious	VirusTotal - Scan result 21/59

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

github.com/BitcoinInterestOfficial/BitcoinInterest/releases/download/2.1/progpowminer-amd-windows-0.16_final.zip

140.82.121.4

302 Found

0 B

URL User Request GET HTTP/2
github.com/BitcoinInterestOfficial/BitcoinInterest/releases/download/2.1/progpowminer-amd-windows-0.16_final.zip
IP
140.82.121.4:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /BitcoinInterestOfficial/BitcoinInterest/releases/download/2.1/progpowminer-amd-windows-0.16_final.zip HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Sat, 20 Apr 2024 10:07:07 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/115038373/44b4cf80-c561-11e8-85ef-b180d7d5c42a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240420%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240420T100707Z&X-Amz-Expires=300&X-Amz-Signature=d0df217bdf10aeb0feb8991817e0f01c625642cb64acaccdd00351852fe486b7&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=115038373&response-content-disposition=attachment%3B%20filename%3Dprogpowminer-amd-windows-0.16_final.zip&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: 8504:337554:30DD29CD:31474996:662393CA
X-Firefox-Spdy: h2

objects.githubusercontent.com/github-production-release-asset-2e65be/115038373/44b4cf80-c561-11e8-85ef-b180d7d5c42a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240420%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240420T100707Z&X-Amz-Expires=300&X-Amz-Signature=d0df217bdf10aeb0feb8991817e0f01c625642cb64acaccdd00351852fe486b7&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=115038373&response-content-disposition=attachment%3B%20filename%3Dprogpowminer-amd-windows-0.16_final.zip&response-content-type=application%2Foctet-stream

185.199.108.133

200 OK

1.4 MB

URL User Request GET HTTP/2
objects.githubusercontent.com/github-production-release-asset-2e65be/115038373/44b4cf80-c561-11e8-85ef-b180d7d5c42a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240420%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240420T100707Z&X-Amz-Expires=300&X-Amz-Signature=d0df217bdf10aeb0feb8991817e0f01c625642cb64acaccdd00351852fe486b7&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=115038373&response-content-disposition=attachment%3B%20filename%3Dprogpowminer-amd-windows-0.16_final.zip&response-content-type=application%2Foctet-stream
IP
185.199.108.133:443
ASN
#54113 FASTLY

Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.4 MB (1412819 bytes)
Hash
bad21412933797f7be107be05d783fc0
40e78500775e81f43bbd158f087172b9e8b2ca54
2ba7f003cba5d81d69b63d45cf8c65f099a7d77bf04aa398524cef294754fe91

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 21/59

HTTP Headers

GET /github-production-release-asset-2e65be/115038373/44b4cf80-c561-11e8-85ef-b180d7d5c42a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240420%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240420T100707Z&X-Amz-Expires=300&X-Amz-Signature=d0df217bdf10aeb0feb8991817e0f01c625642cb64acaccdd00351852fe486b7&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=115038373&response-content-disposition=attachment%3B%20filename%3Dprogpowminer-amd-windows-0.16_final.zip&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
content-md5: utIUEpM3l/e+EHvgXXg/wA==
last-modified: Mon, 06 Dec 2021 19:56:50 GMT
etag: "0x8D9B8F28B0ABCDB"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 368520da-001e-0048-3d09-93fc62000000
x-ms-version: 2020-10-02
x-ms-creation-time: Mon, 16 Aug 2021 18:35:42 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=progpowminer-amd-windows-0.16_final.zip
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 0
date: Sat, 20 Apr 2024 10:07:07 GMT
x-served-by: cache-iad-kiad7000055-IAD, cache-hel1410031-HEL
x-cache: HIT, MISS
x-cache-hits: 3, 0
x-timer: S1713607627.193849,VS0,VE497
content-length: 1412819
X-Firefox-Spdy: h2