About “Dropped:Generic.BAT.Miner.A.0A9D7933” infection

Dropped:Generic.BAT.Miner.A.0A9D7933 is flagged as malicious by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Dropped:Generic.BAT.Miner.A.0A9D7933 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Guard page use detected (possible anti-debugging)
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • The executable used a known stolen/malicious Authenticode signature
  • Attempts to interact with an Alternate Data Stream (ADS)

How to identify Dropped:Generic.BAT.Miner.A.0A9D7933?

File Info:

name: A0374BA0BAB1AE5A842E.mlw
path: /opt/CAPEv2/storage/binaries/042f92e5ed3bf64af1b41859d88a5396d4b57d0f9a67e71b0d73c98a4ebe294a
crc32: 722D62F3
md5: a0374ba0bab1ae5a842e0427d6adbf2d
sha1: a3138294570e4d6a870f4782e5a588f93539fe9d
sha256: 042f92e5ed3bf64af1b41859d88a5396d4b57d0f9a67e71b0d73c98a4ebe294a
sha512: e88e9f6c906c2f641f134b583b39c2ced6d8a01c5005c3d2f1120749f527b9e032de9cece9a42906dc62f15a924a500af58c0f7e1ca6a95928e113d7846cdcbe
ssdeep: 6144:q5aWbksiNTBQPrV6l2xeQUWJrtDmGXFuYjOMSAv7nSu5Ll2EsbPD1z:q5atNTCTdeQvJfXZWAv7x5B2XDx
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T121740144E2E205F7EAE6463101E6B46FAB35B324A765D8E7C34C299396435D1B23C3F8
sha3_384: 60499d9716e2f2d77b4ba67eb2aa9b459a1c4850bdaec9b6ee17ce27f7b9ce7226d96faa1fb8cde309a0bf38b15b7e6c
ep_bytes: 68ac00000068000000006868804100e8
timestamp: 2018-02-01 20:18:05

Version Info:

0: [No Data]

Dropped:Generic.BAT.Miner.A.0A9D7933 is also known as (vendor: detection name):

MicroWorld-eScan: Dropped:Generic.BAT.Miner.A.0A9D7933
FireEye: Generic.mg.a0374ba0bab1ae5a
ALYac: Dropped:Generic.BAT.Miner.A.0A9D7933
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Bingoml.clpf
K7AntiVirus: Trojan-Downloader ( 0058865e1 )
Alibaba: TrojanDownloader:Win32/Bingoml.3f7be34e
K7GW: Trojan-Downloader ( 0058865e1 )
Cybereason: malicious.4570e4
BitDefenderTheta: Gen:NN.ZexaF.34182.wuX@aqhv54g
Cyren: W32/Trojan.WJUY-2881
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: BAT/TrojanDownloader.Agent.OIH
TrendMicro-HouseCall: TROJ_GEN.R002C0WJ621
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Bingoml.clpf
BitDefender: Dropped:Generic.BAT.Miner.A.0A9D7933
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Bingoml.Lipz
Sophos: Mal/Generic-S
TrendMicro: TROJ_GEN.R002C0WJ621
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Dropped:Generic.BAT.Miner.A.0A9D7933 (B)
Ikarus: Trojan-Downloader.BAT.Agent
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Dropped:Generic.BAT.Miner.A.0A9D7933
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R444362
McAfee: Artemis!A0374BA0BAB1
MAX: malware (ai score=89)
VBA32: Backdoor.MSIL.LightStone
APEX: Malicious
Rising: Backdoor.LightStone!8.1142E (CLOUD)
Yandex: TrojanSpy.SpyEyes!L6zLSqQsfoQ
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.124432401.susgen
Fortinet: Adware/Agent
AVG: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Dropped:Generic.BAT.Miner.A.0A9D7933?

Dropped:Generic.BAT.Miner.A.0A9D7933 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.