What is “RiskTool.Win32.BitCoinMiner.xhe”?

RiskTool.Win32.BitCoinMiner.xhe is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the RiskTool.Win32.BitCoinMiner.xhe virus do?

  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify RiskTool.Win32.BitCoinMiner.xhe?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2014-10-16 18:23:27

Version Info:

0: [No Data]

RiskTool.Win32.BitCoinMiner.xhe also known as:

Lionic: Riskware.Win32.BitCoinMiner.1!c
Elastic: malicious (high confidence)
FireEye: Generic.mg.8817f71626e3e08f
CAT-QuickHeal: Risktool.Bitcoinmin.21104
McAfee: W32/CoinMiner
Cylance: Unsafe
VIPRE: VirTool.Win32.Obfuscator.hg!b1 (v)
Sangfor: Suspicious.Win32.Riskware.R
K7GW: Trojan ( 004b4dad1 )
K7AntiVirus: Trojan ( 004b4dad1 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/CoinMiner.BF potentially unwanted
Avast: Win32:Malware-gen
Cynet: Malicious (score: 99)
Kaspersky: not-a-virus:RiskTool.Win32.BitCoinMiner.xhe
Alibaba: RiskWare:Win32/Miners.67d7f83a
NANO-Antivirus: Riskware.Win32.BitCoinMiner.dkinfa
Rising: Malware.Undefined!8.C (C64:YzY0OifEmOFpuhDx)
Sophos: Bitcoin Miner (PUA)
Comodo: ApplicUnwnt@#rhfslz9k3dhy
DrWeb: Trojan.BtcMine.607
McAfee-GW-Edition: W32/CoinMiner
APEX: Malicious
Jiangmin: RiskTool.BitCoinMiner.dd
Webroot: W32.Malware.Heur
Avira: HEUR/AGEN.1126462
Antiy-AVL: Trojan/Generic.ASMalwS.CE48A7
Gridinsoft: Ransom.Win32.Miner.sa
GData: Win32.Riskware.BitcoinMiner.R
AhnLab-V3: Trojan/Win32.BitCoinMiner.C259702
Panda: Trj/CI.A
Yandex: Riskware.Agent!zOeOFJyL6E4
Fortinet: Riskware/CoinMiner
AVG: Win32:Malware-gen
Cybereason: malicious.703e5d

How to remove RiskTool.Win32.BitCoinMiner.xhe?

RiskTool.Win32.BitCoinMiner.xhe removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
