
About “Claymore’s Ethereum Dual Miner (PUA)” infection


Claymore’s Ethereum Dual Miner is a real GPU mining program, but security vendors flag it as a potentially unwanted application (PUA) because it is so often dropped on machines without the owner’s consent, where it burns CPU/GPU time and electricity mining for someone else. When a copy is active you will typically see an unfamiliar process with sustained high CPU or GPU usage in the Task Manager list. If you did not install a miner yourself, scan the computer with GridinSoft Anti-Malware.


Removing a miner by hand takes time, and a mistake (deleting the wrong file or registry value) can leave the system in a worse state. GridinSoft Anti-Malware can run a full scan and clean the PC during its trial period.
A 6-day free trial is available.

What can Claymore’s Ethereum Dual Miner (PUA) do?

The behaviours below are the sandbox (CAPEv2) signatures the analysed sample triggered:

  • Creates RWX memory: allocates pages that are writable and executable at the same time, which unpackers and in-memory loaders need and ordinary compiled code does not.
  • Dynamic (imported) function loading detected: resolves Windows APIs at run time rather than through the import table, so a static look at the imports understates what the binary does.
  • Starts servers listening on 0.0.0.0:8800, :0: binds a listener on every interface (port 8800, plus a bind to port 0, i.e. an ephemeral port), consistent with a miner’s remote-monitoring interface.
  • The binary contains an unknown PE section name indicative of packing: a non-standard section name of the kind a packer stub leaves behind.
  • Authenticode signature is invalid: the file carries a code signature that does not verify, so it must not be trusted on the strength of being “signed”.
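The listener on 0.0.0.0:8800 is the one behaviour above that can be checked on a live Windows host without special tooling. The following Python script is an added example (not part of the original page and not GridinSoft’s code): it parses the output of `netstat -ano` and `tasklist /fo csv`, joins them on PID, and reports any process that binds a suspect port on all interfaces. The netstat and tasklist text, the PIDs and the image name `miner.exe` are constructed sample data for the example, not values taken from the page.

```python
import csv
import io

# Wildcard listener the sandbox reported for this sample (see the list above).
SUSPECT_PORTS = {8800}

# Addresses that mean "every interface" in netstat output (IPv4 and IPv6).
WILDCARD_ADDRS = {"0.0.0.0", "[::]"}

# Constructed sample output of `netstat -ano`; PIDs are made up for the example.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:8800           0.0.0.0:0              LISTENING       4120
  TCP    127.0.0.1:8800         127.0.0.1:51234        ESTABLISHED     4120
  TCP    192.168.1.20:51200     104.18.20.5:443        ESTABLISHED     2212
  TCP    [::]:8800              [::]:0                 LISTENING       4120
  UDP    0.0.0.0:5353           *:*                                    1408
"""

# Constructed sample output of `tasklist /fo csv`; "miner.exe" is a placeholder
# image name, not a file name from the page.
TASKLIST_SAMPLE = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","892","Services","0","9,184 K"
"chrome.exe","2212","Console","1","180,212 K"
"miner.exe","4120","Console","1","212,540 K"
"svchost.exe","1408","Services","0","5,020 K"
"""


def parse_netstat(text):
    """Return (proto, local_ip, local_port, state, pid) per connection line.
    UDP rows have no State column, so the field count decides the layout."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue                      # header, blank line or banner
        proto, local = parts[0], parts[1]
        state = parts[3] if len(parts) == 5 else ""
        pid = int(parts[-1])
        ip, _, port = local.rpartition(":")   # handles "[::]:8800" as well
        rows.append((proto, ip, int(port), state, pid))
    return rows


def parse_tasklist(csv_text):
    """Map PID -> image name from `tasklist /fo csv` output."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {int(row["PID"]): row["Image Name"] for row in reader}


def suspicious_listeners(netstat_text, tasklist_csv, ports=SUSPECT_PORTS):
    """Sorted (pid, image, port) tuples for processes that bind a suspect port
    on every interface, i.e. the 0.0.0.0:8800 behaviour in the list above."""
    images = parse_tasklist(tasklist_csv)
    hits = set()
    for proto, ip, port, state, pid in parse_netstat(netstat_text):
        if port in ports and ip in WILDCARD_ADDRS and (proto == "UDP" or state == "LISTENING"):
            hits.add((pid, images.get(pid, "<unknown>"), port))
    return sorted(hits)


if __name__ == "__main__":
    for pid, image, port in suspicious_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"PID {pid} ({image}) is listening on all interfaces, port {port}")
```

On a real host, replace the two constants with the captured output of `netstat -ano` and `tasklist /fo csv` run from an elevated prompt; a hit on port 8800 from an image you do not recognise is the process to look at first.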

How to identify Claymore’s Ethereum Dual Miner (PUA)?

The fields below come from a CAPEv2 sandbox run of one sample (the storage path is the sandbox’s own, and the .mlw file name is the one it assigned). The md5, sha1 and sha256 values identify this exact build only; ssdeep and tlsh are fuzzy hashes intended to match recompiled or slightly modified builds.
File Info:

name: 9D4CC8B9EF68AE6DAFA2.mlw
path: /opt/CAPEv2/storage/binaries/4ad0e2a81a16640d54471949ac0bd2bef611f6e29d032c43627e73e4b925b03c
crc32: 844D47F9
md5: 9d4cc8b9ef68ae6dafa2d09282514f4d
sha1: 97dc880604d92590e30792c2beb2c5c8803a1b6a
sha256: 4ad0e2a81a16640d54471949ac0bd2bef611f6e29d032c43627e73e4b925b03c
sha512: 2110d5c04d268deddd3ab459e60bb3fcc6685c8e4c6690077a4bfe978d260c3c25447155dedbd68d861a0d295720000a7d4c7170cfcf3df83f35dcd20dd264c8
ssdeep: 49152:0StpNgj0Cnjkc9MDhGOnZExnX6SXZb/6KN2Oo6VDA5gC0hvRMjobnm+IIIIIIL3i:pnGpNCgAyLvSAnm3g
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T166065C127285E43ED0660B3B5C3BE765AC3DBB213A1299577BF4194C0F36680BD2E297
sha3_384: cae775d8faabaf82700ec1c4ca9a562295b8b56101e8fbd5d3b99875bf1763a0518593dfe04779d8c0c466802bbd37a9
ep_bytes: eb1066623a432b2b484f4f4b90e9ac00
timestamp: 2018-02-24 09:10:22

Version Info:

FileVersion: 1.0.0.0
ProductVersion: 1.0.0.0
Translation: 0x0409 0x04e4
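The following Python script is an added example (not part of the original page and not CAPE’s or GridinSoft’s code) showing how the File Info fields above are derived from a binary: it computes the same digest set, compares a file against the sample’s published md5/sha1/sha256, walks the PE headers to recover the link timestamp, section names and the 16 entry-point bytes (the `ep_bytes` field), and flags non-standard section names, the packing indicator from the behaviour list. The PE image it analyses is constructed in memory for the example; the section name `UPX1`, the reuse of the page’s ep_bytes as entry-point code, and the list of common section names are assumptions made here.

```python
import datetime
import hashlib
import struct
import zlib

# Strong hashes published for the analysed sample (File Info above).
KNOWN_SAMPLE_HASHES = {
    "md5": "9d4cc8b9ef68ae6dafa2d09282514f4d",
    "sha1": "97dc880604d92590e30792c2beb2c5c8803a1b6a",
    "sha256": "4ad0e2a81a16640d54471949ac0bd2bef611f6e29d032c43627e73e4b925b03c",
}

# Section names a stock compiler/linker emits (assumed list); anything else is
# the "unknown PE section name indicative of packing" signal.
COMMON_SECTION_NAMES = {
    ".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".rsrc",
    ".reloc", ".tls", ".pdata", ".CRT", ".crt", "CODE", "DATA", "BSS",
}


def hash_bytes(data):
    """Digest set matching the File Info fields (crc32 .. sha3_384)."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_known_sample(data):
    """True when any published hash of the sample matches this file."""
    digests = hash_bytes(data)
    return any(digests[k] == v for k, v in KNOWN_SAMPLE_HASHES.items())


def parse_pe(data):
    """Walk the PE headers: machine, PE32 flag, link timestamp, section table,
    and the first 16 bytes at the entry point (the ep_bytes field)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    machine, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]           # 0x10B = PE32, 0x20B = PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        hdr = opt + opt_size + 40 * i
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, hdr)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "va": va,
                         "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize})
    ep_bytes = b""
    for s in sections:  # map the entry RVA back to a file offset via its section
        if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["rawsize"]):
            off = entry_rva - s["va"] + s["rawptr"]
            ep_bytes = data[off:off + 16]
            break
    return {"machine": machine, "pe32": magic == 0x10B, "timestamp": timestamp,
            "entry_rva": entry_rva, "ep_bytes": ep_bytes.hex(), "sections": sections}


def unknown_sections(info):
    """Section names outside the common set (packer/protector indicator)."""
    return [s["name"] for s in info["sections"] if s["name"] not in COMMON_SECTION_NAMES]


def timestamp_str(ts):
    """Render the PE TimeDateStamp the way the File Info block does (UTC)."""
    return datetime.datetime.fromtimestamp(ts, tz=datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def build_sample_pe(section_names, ep_section, ep_code, timestamp):
    """Construct a minimal PE32 image in memory. Test input built for this
    example only; it is not the sample described on the page."""
    nsect = len(section_names)
    opt_size, file_align = 224, 0x200
    headers = 0x40 + 4 + 20 + opt_size + 40 * nsect
    headers = (headers + file_align - 1) // file_align * file_align   # round up to alignment
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, nsect, timestamp, 0, 0, opt_size, 0x0102)  # i386
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                               # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000 * (ep_section + 1))          # AddressOfEntryPoint
    sect_hdrs, body = b"", b""
    for i, name in enumerate(section_names):
        raw = (ep_code if i == ep_section else b"\xCC" * 16).ljust(file_align, b"\0")
        sect_hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                                 len(raw), 0x1000 * (i + 1), len(raw),
                                 headers + len(body), 0, 0, 0, 0, 0x60000020)
        body += raw
    return (dos + b"PE\0\0" + coff + bytes(opt) + sect_hdrs).ljust(headers, b"\0") + body


if __name__ == "__main__":
    sample = build_sample_pe([".text", "UPX1"], 1,
                             bytes.fromhex("eb1066623a432b2b484f4f4b90e9ac00"), 1519463422)
    info = parse_pe(sample)
    print(timestamp_str(info["timestamp"]), info["ep_bytes"], unknown_sections(info))
    print("matches published hashes:", matches_known_sample(sample))
```

To triage a real file, read it with `open(path, "rb").read()` and pass the bytes to `hash_bytes`, `matches_known_sample` and `parse_pe`; a hash match pins the exact build, while a non-standard section name or a timestamp far from the version info is only a hint that deserves a sandbox run.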

Claymore’s Ethereum Dual Miner (PUA) is also detected under these names (vendor: detection name):

FireEye: Generic.mg.9d4cc8b9ef68ae6d
CAT-QuickHeal: Trojan.IGeneric.S2169651
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Adware ( 00524e301 )
K7GW: Adware ( 00524e301 )
VirIT: Trojan.Win32.BtcMine.DLQ
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/CoinMiner.FS potentially unwanted
APEX: Malicious
NANO-Antivirus: Trojan.Win32.BtcMine.eykufr
DrWeb: Trojan.BtcMine.2330
TrendMicro: Coinminer_ETHEREUM.SM
McAfee-GW-Edition: GenericRXPZ-PB!9D4CC8B9EF68
Sophos: Claymore’s Ethereum Dual Miner (PUA)
SentinelOne: Static AI – Suspicious PE
GData: Win32.Trojan.Agent.HT2WH9
Antiy-AVL: Trojan/Generic.ASMalwS.50E3
McAfee: GenericRXPZ-PB!9D4CC8B9EF68
VBA32: BScope.Trojan.Wacatac
Malwarebytes: RiskWare.BitCoinMiner
TrendMicro-HouseCall: Coinminer_ETHEREUM.SM
Rising: Trojan.Generic@AI.91 (RDML:zj4iP0y1y6/onAnmB62gnw)
Yandex: Trojan.GenAsa!jtDLDht3YWo
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/Miner

Note that the verdicts disagree on severity: ESET, Sophos, Malwarebytes and Fortinet classify the file as potentially unwanted or riskware (a miner that may be unwanted), while several generic and machine-learning engines label it a trojan.

How to remove Claymore’s Ethereum Dual Miner (PUA)?

Removal with GridinSoft Anti-Malware:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.
  • After the reboot, check Task Manager for the unfamiliar process and confirm that nothing is listening on 0.0.0.0:8800 any more (netstat -ano). If you installed the miner yourself for your own mining, it is not an infection and the detection can be allowed instead of quarantined.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
