How to remove “RiskTool.Win32.Miner.gan”?

RiskTool.Win32.Miner.gan is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the RiskTool.Win32.Miner.gan virus do?

  • Behavioural detection: executable code extraction (unpacking)
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate the command shell on completion, which can be used to hide execution
  • Sample contains overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Possible date expiration check: exits too soon after checking local time
  • Checks adapter addresses, which can be used to detect virtual network interfaces
  • A file with an unusual extension was attempted to be loaded as a DLL
  • Anomalous file deletion behaviour detected (10+)
  • Guard page use detected (possible anti-debugging)
  • A process attempted to delay the analysis task
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Executed a command line with /V argument, which modifies variable behaviour and whitespace, allowing for increased obfuscation options
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Attempts to modify Windows Defender using PowerShell

How to identify RiskTool.Win32.Miner.gan?

File Info:

name: 660E8EC64BE18B7C2EBD.mlw
path: /opt/CAPEv2/storage/binaries/3074176289f3f99121c0c8375cad4758a5302c3ba55a81ab4efe72ad5e4c674c
crc32: 06DFB859
md5: 660e8ec64be18b7c2ebdc3424da04d41
sha1: 9e3b8a767244d285c65c0a5a62d35b8f516ac193
sha256: 3074176289f3f99121c0c8375cad4758a5302c3ba55a81ab4efe72ad5e4c674c
sha512: ba9eafa781cfae3c9648be37adbf7c702e89affa357ab71c0ed68119a0464889bea7f44bd4595d7e8ad081d4b6e302bcc6f51b368d129df61b4b225a638e4a5d
ssdeep: 393216:W9YrFShbkIXvL3YOCVGyK2iglzlJ4xWs78peqE:ILAIXvRODiozlYr78gqE
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T132F623AFB178252EC55F4A710572B220D97BBBD974268C1A03E8E50DEF734701E3B2A5
sha3_384: 25eef0bc4cf9a3408f49ac3d1fd8f2e880d51f341042136753f668a9e5b779939ee53a36ac017de79a1c031962e2ab1e
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2022-04-14 16:10:23

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Honeygain
FileDescription: Honeygain Installer
FileVersion: 0.11.5.0
LegalCopyright: Copyright © 2022 Honeygain.
OriginalFileName: Honeygain_install.exe
ProductName: Honeygain
ProductVersion: 0.11.5.0
Translation: 0x0000 0x04b0

RiskTool.Win32.Miner.gan is also known as (vendor: detection name):

McAfee: Artemis!660E8EC64BE1
Cybereason: malicious.67244d
Paloalto: generic.ml
Kaspersky: not-a-virus:RiskTool.Win32.Miner.gan
McAfee-GW-Edition: Artemis
Trapmine: suspicious.low.ml.score

How to remove RiskTool.Win32.Miner.gan?

RiskTool.Win32.Miner.gan removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.