RiskTool.Win32.BitCoinMiner.ognt (file analysis)

The RiskTool.Win32.BitCoinMiner.ognt is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What RiskTool.Win32.BitCoinMiner.ognt virus can do?

Unconventionial language used in binary resources: Spanish (Modern)
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX

How to determine RiskTool.Win32.BitCoinMiner.ognt?


File Info:
crc32: 017ADB81
md5: 2680e3a6ddd2a6e79134efb273dab7ab
name: 2680E3A6DDD2A6E79134EFB273DAB7AB.mlw
sha1: c3972c995834b8bb702ceb8f9c5562c97c50b6e6
sha256: cf26dbb3d7489cccf15caa19da853df68f8e8ca731bf89e5ba284764dab3b00d
sha512: 1f2f4c05a71327dfdd8b395c6fdc6efa830fad38709455c704f48c74ddb07fd2124add208c1823941e27d1704453431f55eeab5f0fbe6be7878a7b16cd4cfa44
ssdeep: 12288:ulek7VIjqS/AttnfMznf81aW56jmi4EAEKw46Ye/WOw6iuex082+ueN3RqgW:UfKE8WHEm6Yjjduex082+VNh
type: PE32+ executable (console) x86-64, for MS Windows

Version Info:
LegalCopyright: Copyright xa9 Microsoft Corporation. Reservados todos los derechos.
InternalName: dxsetup.exe
FileVersion: 4.9.0.0904
CompanyName: Microsoft Corporation
ProductName: Microsoftxae DirectX para Windowsxae
ProductVersion: 4.9.0.0904
FileDescription: Depuracixf3n del programa de instalacixf3n de Microsoft DirectX
OriginalFilename: dxsetup.exe
Translation: 0x040a 0x04b0

RiskTool.Win32.BitCoinMiner.ognt also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.65744
FireEye	Generic.mg.2680e3a6ddd2a6e7
ALYac	Trojan.GenericKDZ.65744
Cylance	Unsafe
BitDefender	Trojan.GenericKDZ.65744
Cybereason	malicious.6ddd2a
Symantec	Miner.XMRig
ESET-NOD32	a variant of Win64/CoinMiner.PQ potentially unwanted
APEX	Malicious
Avast	Win64:CoinminerX-gen [Trj]
ClamAV	Win.Malware.Generickdz-9775964-0
Kaspersky	not-a-virus:RiskTool.Win32.BitCoinMiner.ognt
Ad-Aware	Trojan.GenericKDZ.65744
Emsisoft	Application.Generic (A)
DrWeb	Tool.BtcMine.2239
McAfee-GW-Edition	BehavesLike.Win64.CoinMiner.cc
Sophos	Troj/Agent-BCPO
Ikarus	Trojan.Win64.CoinMiner
Jiangmin	RiskTool.Generic.pkx
Avira	HEUR/AGEN.1135765
Antiy-AVL	Trojan/Win32.Wacatac
Microsoft	TrojanDownloader:Win32/Upatre
Gridinsoft	Trojan.Win64.CoinMiner.oa!s2
Arcabit	Trojan.Generic.D100D0
AhnLab-V3	Malware/Win64.Generic.C4014669
ZoneAlarm	not-a-virus:RiskTool.Win32.BitCoinMiner.ognt
GData	Trojan.GenericKDZ.65744
Cynet	Malicious (score: 100)
Acronis	suspicious
McAfee	GenericRXAA-AA!2680E3A6DDD2
MAX	malware (ai score=88)
Malwarebytes	Upatre.Trojan.Downloader.DDS
Rising	Trojan.Win32/64.XMR-Miner!1.ADCC (TFE:5:cWlFX9xRAN)
Yandex	Trojan.GenAsa!Xy4KCITNuvE
Fortinet	W64/CoinMiner.X!tr
AVG	Win64:CoinminerX-gen [Trj]
MaxSecure	Trojan.Malware.121218.susgen

How to remove RiskTool.Win32.BitCoinMiner.ognt?

RiskTool.Win32.BitCoinMiner.ognt removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X