About “RiskTool.Win32.Miner.ehy” infection

RiskTool.Win32.Miner.ehy is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the RiskTool.Win32.Miner.ehy virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Use of guard pages detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Network anomalies occurred during the analysis.
  • Starts servers listening on 0.0.0.0:17136, 127.0.0.1:18136
  • Authenticode signature is invalid

How to identify RiskTool.Win32.Miner.ehy?

File Info:

name: 3ED2C3C3B28319A325CF.mlw
path: /opt/CAPEv2/storage/binaries/04b3d98a54bae4a9660a5ca3118584d52abaf2e0afb0334bcdc23ca9081dcf82
crc32: 0DE73D7E
md5: 3ed2c3c3b28319a325cf5ef2c039f243
sha1: 2ccb85b26d69b9866b2969d190aff39b34d11719
sha256: 04b3d98a54bae4a9660a5ca3118584d52abaf2e0afb0334bcdc23ca9081dcf82
sha512: d29986fbe47353600e1445ee5df6fd040eb21fc11af8b69e1d40019a250ea7bbca3b74238dbe6d70ee0f6298c733654bb4e672ad0ee6906f9dc1d1b99b1e2706
ssdeep: 49152:RjjCMmuwAUDbMcXpU1azFhARFky9AFZijFK:dCMCU5OyPjFK
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T11FC56D1AABA881E9C0ABD13CC5869A87E3B2B4458B7057DF0390065E2F777F15E3E711
sha3_384: dca47db61729a32c5983dc143f1eb88be15fa516a5c044ff4da8f220abafbabad579673bf0f07d172f5b2a116c67a0ce
ep_bytes: 4883ec28e8fb0800004883c428e972fe
timestamp: 2018-06-29 21:03:03

Version Info:

CompanyName: Cryptonote Foundation
FileDescription: Cryptonote network daemon
FileVersion: 3.0.3
InternalName: Cryptonote.exe
LegalCopyright: Copyright (C) 2010-2018, Cryptonote Developers
OriginalFilename: Cryptonote.exe
ProductName: Cryptonote
ProductVersion: 3.0.3
Translation: 0x0409 0x04b0

RiskTool.Win32.Miner.ehy is also known as:

Lionic: Riskware.Win32.Miner.1!c
Elastic: malicious (high confidence)
FireEye: Generic.mg.3ed2c3c3b28319a3
McAfee: Artemis!3ED2C3C3B283
Cylance: Unsafe
K7AntiVirus: Adware ( 005296881 )
K7GW: Adware ( 005296881 )
Cyren: W64/Trojan.VHED-6945
ESET-NOD32: a variant of Win64/CoinMiner.GG potentially unwanted
Kaspersky: not-a-virus:RiskTool.Win32.Miner.ehy
McAfee-GW-Edition: BehavesLike.Win64.Generic.vh
SentinelOne: Static AI – Malicious PE
Sophos: Generic PUA CM (PUA)
Jiangmin: RiskTool.Miner.zu
Gridinsoft: Ransom.Win64.Gen.sa
AhnLab-V3: Win-Trojan/Miner3.Exp
Yandex: Riskware.Miner!emHzg6M/Avs
Fortinet: Riskware/Miner

How to remove RiskTool.Win32.Miner.ehy?

RiskTool.Win32.Miner.ehy removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
