Mal/Miner-AY (file analysis)

Mal/Miner-AY is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Mal/Miner-AY virus do?

  • Sample contains Overlay data
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Mal/Miner-AY?

File Info:

name: 1BBCA9FD4BF4C22C6C97.mlw
path: /opt/CAPEv2/storage/binaries/776464528e941baf61560cf2e6f91cb937b05e207dd36ed8770b1d9f1926bdfe
crc32: 02125BD3
md5: 1bbca9fd4bf4c22c6c97d1387b926325
sha1: 496f3c89dd57bbf727a0936da5f67d988d266bcc
sha256: 776464528e941baf61560cf2e6f91cb937b05e207dd36ed8770b1d9f1926bdfe
sha512: aad46693f988d3e80c9fa09201bdd36725b5e39d004e21651f571165d283a22b869084b4b46c555fd378160dedd0753a670b3790b4445bb286fa219a9d8ba03f
ssdeep: 6144:uMooVQnnOBccnskYPmTpUxrr1XRA7WHxWoN+J0EafCUSYibN64G8:hQnO/s1mTpG5bUo4bafVibdB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16B34013528B81F04D0526335B1075F3196F89B1F377A129EEBFE57B9B1E0A1119630DA
sha3_384: 33db7cc37d557476bb8d7a479532671a63f50fb33d32f39170cfdbfd99a7e3586cc4ac572046ceda61cc53f44ef65738
ep_bytes: 60be00d0c1018dbe00407efe57eb0b90
timestamp: 2023-02-06 04:17:03

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Host Process for Windows Service
FileVersion: 2.0.0.0
InternalName: sqhost.exe
LegalCopyright: Copyright (C) 2016
OriginalFilename: sqhost.exe
ProductName: sqhost.exe
ProductVersion: 2.0.0.0
Translation: 0x0409 0x04b0

Mal/Miner-AY is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Agent.Y!c
MicroWorld-eScan: Gen:Trojan.Heur.pm1@tSs!sUai
FireEye: Generic.mg.1bbca9fd4bf4c22c
McAfee: GenericRXAA-AA!1BBCA9FD4BF4
Cylance: unsafe
Zillya: Trojan.Kryptik.Win32.4022376
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0059ebec1 )
Alibaba: TrojanDownloader:Win32/Avemaria.eb7c6e68
K7GW: Trojan ( 0059ebec1 )
CrowdStrike: win/malicious_confidence_100% (W)
VirIT: Trojan.Win32.Genus.NTV
Cyren: W32/Kryptik.GHM.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan-Downloader.Win32.Agent.gen
BitDefender: Gen:Trojan.Heur.pm1@tSs!sUai
Avast: Win32:CoinminerX-gen [Trj]
Tencent: Malware.Win32.Gencirc.10bea230
Emsisoft: Gen:Trojan.Heur.pm1@tSs!sUai (B)
F-Secure: Trojan.TR/Crypt.FKM.Gen
VIPRE: Gen:Trojan.Heur.pm1@tSs!sUai
McAfee-GW-Edition: BehavesLike.Win32.Generic.dc
Trapmine: suspicious.low.ml.score
Sophos: Mal/Miner-AY
Ikarus: Trojan.Win32.AveMaria
Avira: TR/Crypt.FKM.Gen
Antiy-AVL: Trojan/Win32.AveMaria
Arcabit: Trojan.Heur.E3E81F
ZoneAlarm: HEUR:Trojan-Downloader.Win32.Agent.gen
GData: Gen:Trojan.Heur.pm1@tSs!sUai
Google: Detected
AhnLab-V3: Trojan/Win.CoinMiner.R413841
Acronis: suspicious
BitDefenderTheta: AI:Packer.F9B4817223
ALYac: Gen:Trojan.Heur.pm1@tSs!sUai
MAX: malware (ai score=82)
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Genetic.gen
Rising: Downloader.Agent!8.B23 (TFE:5:BKJiKD9RoJF)
Yandex: Trojan.Kryptik!uEhNkhvfj88
SentinelOne: Static AI – Suspicious PE
MaxSecure: Downloader.W32.Agent.pef
Fortinet: W32/Agent.FKM!tr
AVG: Win32:CoinminerX-gen [Trj]
Cybereason: malicious.d4bf4c
DeepInstinct: MALICIOUS

How to remove Mal/Miner-AY?

Mal/Miner-AY removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.