About “Heur.Mint.Zard.25” infection

Heur.Mint.Zard.25 is a heuristic detection name rather than a specific malware family: it is BitDefender's Gen:Heur.Mint.Zard.25 signature, which also appears under the engines that license that signature set (MicroWorld-eScan, GData, Emsisoft, Ad-Aware, ALYac). The sample it flagged here, bigxmr.exe, is classified by most other vendors as a cryptocurrency coin miner, and the file name itself suggests XMR (Monero) mining. When this infection is active, you may notice an unwanted process in the Task Manager list, typically driving CPU usage high. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial lets you run a full scan and clean your PC.
A 6-day free trial is available.

What can Heur.Mint.Zard.25 do?

Behaviours observed when the sample was run in an automated sandbox (each line is the sandbox's signature name for the behaviour):

  • Executable code extraction
  • Creates RWX memory
  • Detected script timer window indicative of sleep style evasion
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • A process created a hidden window
  • The binary likely contains encrypted or compressed data
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Creates a copy of itself
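Two of the listed behaviours, autorun at Windows startup and modification of proxy settings, leave artefacts in the registry that a responder can check by hand. The script below is an added example, not GridinSoft's code and not part of the original analysis: it parses a `.reg` export of the user hive (the standard `...\CurrentVersion\Run`, `RunOnce` and `Internet Settings` keys) and flags Run entries whose command line contains the sample's file name, plus an enabled WinINet proxy. The export text embedded in it is constructed for illustration, and the value name "WindowsUpdate" is a hypothetical name the miner might register under; on a real host, produce the input with `reg export HKCU\Software\Microsoft\Windows\CurrentVersion run.reg` and point the script at it.

```python
import re
from typing import Dict, List, Tuple

# Keys where the two listed behaviours leave traces. Paths are the standard
# Windows locations; the hive prefix (HKCU/HKLM) is matched by suffix.
RUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
PROXY_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\internet settings"

# Constructed .reg export for illustration (not taken from a real infected host).
# "WindowsUpdate" is a hypothetical value name the miner might persist under.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"WindowsUpdate"="C:\\Users\\user\\AppData\\Roaming\\bigxmr.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:8080"
'''

# "name"=value or @=value (the key's default value)
_VALUE_RE = re.compile(r'^(?:"([^"]*)"|@)=(.*)$')


def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Parse a .reg export into {key_path: {value_name: value}}.

    String values have their backslash escapes removed and dword values become
    ints; other types (hex(...) blobs, possibly continued over several lines)
    are kept as the raw first line, which is enough for this triage.
    """
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = _VALUE_RE.match(line)
        if current is None or m is None:
            continue
        name = m.group(1) if m.group(1) is not None else "(Default)"
        rhs = m.group(2)
        if len(rhs) >= 2 and rhs.startswith('"') and rhs.endswith('"'):
            value: object = re.sub(r"\\(.)", r"\1", rhs[1:-1])
        elif rhs.lower().startswith("dword:"):
            value = int(rhs[6:], 16)
        else:
            value = rhs
        keys[current][name] = value
    return keys


def triage(reg_text: str, binary_name: str) -> List[Tuple[str, str, str, object]]:
    """Flag autorun entries referencing binary_name and an enabled WinINet proxy."""
    findings: List[Tuple[str, str, str, object]] = []
    target = binary_name.lower()
    for path, values in parse_reg_export(reg_text).items():
        lpath = path.lower()
        if lpath.endswith(RUN_KEY_SUFFIXES):
            for name, val in values.items():
                if isinstance(val, str) and target in val.lower():
                    findings.append(("autorun", path, name, val))
        elif lpath.endswith(PROXY_KEY_SUFFIX) and values.get("ProxyEnable") == 1:
            findings.append(("proxy", path, "ProxyServer", values.get("ProxyServer", "")))
    return findings


if __name__ == "__main__":
    for kind, path, name, val in triage(SAMPLE_EXPORT, "bigxmr.exe"):
        print(f"[{kind}] {path}\\{name} = {val}")
```

An enabled proxy is a lead, not a verdict: corporate builds legitimately set `ProxyEnable`, so compare the `ProxyServer` value against what the machine is supposed to use. A Run entry pointing into `AppData\Roaming` under a name like "WindowsUpdate" is the stronger signal, since the sandbox reported that the sample copies itself and registers for autorun.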

Related domains:

shadowgamer.vip

How to identify Heur.Mint.Zard.25?


File Info:

crc32: BB8334E1
md5: e618ed063bf38122b88117db5c58d0ec
name: bigxmr.exe
sha1: 2f8913ae99438b0ced935d86adcd86dc8678473f
sha256: 353d441414d7af5e5443febded597f82325e705cb815a2cd6fee1040bda5d647
sha512: 22eee0ba752ee72971edefb754bafe00c8c69ee61091f64510ad907c8f2b0047addee41a3dbd61b941f046e8806c531695f7934a92535686305bb943370a3e0e
ssdeep: 24576:FLFQaDwryBkjnYOvsltwui2pJInhUD5oQnWNwpR9lWPsjV7:VTkWBQTslzvD5ZnDXGY
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

No version information is embedded in the binary.
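The hashes above identify this exact build only: a repacked or recompiled variant carries different digests, which is why most of the vendor names below are heuristic or behavioural rather than exact signatures. As an added example (not the page's own tooling), the Python script below hashes every file under a directory in one streamed pass and reports files whose MD5, SHA-1 or SHA-256 equals the values published here, or whose name matches bigxmr.exe. The fixture directory it builds is constructed for demonstration and contains an empty stand-in file, not the sample. The ssdeep fuzzy hash listed above would also catch near-identical repacks, but needs the ssdeep library and is left out here.

```python
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

# File hashes and name published on the page for this sample.
PAGE_IOCS: Dict[str, str] = {
    "md5": "e618ed063bf38122b88117db5c58d0ec",
    "sha1": "2f8913ae99438b0ced935d86adcd86dc8678473f",
    "sha256": "353d441414d7af5e5443febded597f82325e705cb815a2cd6fee1040bda5d647",
}
IOC_NAME = "bigxmr.exe"


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute MD5, SHA-1 and SHA-256 of a file in a single streamed pass."""
    hashers = {algo: hashlib.new(algo) for algo in PAGE_IOCS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_iocs(hashes: Dict[str, str], iocs: Dict[str, str] = PAGE_IOCS) -> List[str]:
    """Return the algorithms whose digest equals the published IOC (case-insensitive)."""
    return sorted(
        algo for algo, digest in hashes.items()
        if algo in iocs and digest.lower() == iocs[algo].lower()
    )


def scan_tree(root: str, iocs: Dict[str, str] = PAGE_IOCS) -> List[Tuple[str, List[str]]]:
    """Walk root and report files matching any hash IOC or the published file name.

    A hash hit identifies this exact build. A name-only hit is weaker (the
    miner may be renamed, or a benign file may share the name) and is tagged
    "name" so it can be triaged separately.
    """
    hits: List[Tuple[str, List[str]]] = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                matched = match_iocs(hash_file(path), iocs)
            except OSError:
                continue  # unreadable or locked (a running miner may hold its image open)
            if fn.lower() == IOC_NAME:
                matched.append("name")
            if matched:
                hits.append((path, matched))
    return hits


def build_fixture() -> Dict[str, str]:
    """Create a constructed directory: an empty file carrying the sample's name plus a text file."""
    root = tempfile.mkdtemp(prefix="ioc_demo_")
    paths = {
        "root": root,
        "bigxmr": os.path.join(root, IOC_NAME),
        "notes": os.path.join(root, "notes.txt"),
    }
    open(paths["bigxmr"], "wb").close()  # empty stand-in, not the real sample
    with open(paths["notes"], "wb") as fh:
        fh.write(b"constructed benign content\n")
    return paths


if __name__ == "__main__":
    fx = build_fixture()
    for path, why in scan_tree(fx["root"]):
        print(f"{path}: {', '.join(why)}")
```

On a live Windows host the file to hash is whatever the autorun entry points at; if the process is running, hash the on-disk image rather than trusting the process name, since the sample copies itself and can be registered under any name.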

Heur.Mint.Zard.25 is also known as (vendor: detection name):

Bkav: W32.SagonaireNTB.Trojan
MicroWorld-eScan: Gen:Heur.Mint.Zard.25
FireEye: Generic.mg.e618ed063bf38122
CAT-QuickHeal: Trojan.CoinminerPMF.S10017176
Qihoo-360: HEUR/QVM20.1.0901.Malware.Gen
McAfee: GenericRXAA-AA!E618ED063BF3
Cylance: Unsafe
Sangfor: Malware
BitDefender: Gen:Heur.Mint.Zard.25
Cybereason: malicious.63bf38
APEX: Malicious
Avast: Win32:CoinminerX-gen [Trj]
GData: Gen:Heur.Mint.Zard.25
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.CoinMiner.gkomzp
Tencent: Malware.Win32.Gencirc.10b80147
Ad-Aware: Gen:Heur.Mint.Zard.25
Comodo: Application.Win32.CoinMiner.BEX@7pt9re
F-Secure: Trojan.TR/ATRAPS.Gen
DrWeb: Trojan.Siggen8.58259
Zillya: Trojan.CoinMiner.Win32.24406
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.AdwareAdposhel.tc
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Heur.Mint.Zard.25 (B)
Ikarus: Trojan.Win32.CoinMiner
Jiangmin: Trojan.Generic.ejbst
Webroot: W32.Malware.gen
Avira: TR/ATRAPS.Gen
Antiy-AVL: Trojan/Win32.CoinMiner
Endgame: malicious (high confidence)
Arcabit: Trojan.Mint.Zard.25
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/CoinMiner.BW!bit
AhnLab-V3: Win-Trojan/Malpacked3.Gen
Acronis: suspicious
BitDefenderTheta: AI:Packer.005436841D
ALYac: Gen:Heur.Mint.Zard.25
MAX: malware (ai score=80)
VBA32: BScope.Trojan.BtcMine
Malwarebytes: RiskWare.BitCoinMiner
Panda: Trj/GdSda.A
ESET-NOD32: a variant of Win32/CoinMiner.BEX
Rising: Trojan.CoinMiner!8.30A (RDMK:cmRtazoaWR33H2hAs2rCS+KlZ3hH)
SentinelOne: DFI - Malicious PE
eGambit: Unsafe.AI_Score_99%
AVG: Win32:CoinminerX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Trojan.Malware.7164915.susgen

How to remove Heur.Mint.Zard.25?

Heur.Mint.Zard.25 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Move all detected items to quarantine.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.