
RiskWare.BitCoinStealer.IdleBuddy removal guide


RiskWare.BitCoinStealer.IdleBuddy is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the RiskWare.BitCoinStealer.IdleBuddy virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: executable code extraction – unpacking
  • Creates RWX memory
  • Use of guard pages detected – possible anti-debugging
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid

How to identify RiskWare.BitCoinStealer.IdleBuddy?

File Info:

name: 93912C4267E15E4E1B60.mlw
path: /opt/CAPEv2/storage/binaries/54bd73795a2ef4d982fb779b615455ad076c9158655d4333604610bee00fb644
crc32: B39BC6EC
md5: 93912c4267e15e4e1b60fbfe6b14bf07
sha1: ba1b18d48465bc5047e34fc12e2a4a50e43f8ca5
sha256: 54bd73795a2ef4d982fb779b615455ad076c9158655d4333604610bee00fb644
sha512: 789b7455e235c1e8363edf4fafa4cf7b0262c8199a5bc0bbdc0a1d7c5424ea1893d93a99593ccf6c77c12f601e0df6f2cd1db41f0b91461f4db4804d38d054fb
ssdeep: 6144:xJMxyqFPLemh3Agp2KACgVqeQOVz56xy4:ExyqFPLe+37AeeTz56xy4
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T167442863EAC0EE22DE7C67758413B35A00E58E732A71D70BFC6CFA6A243A5F82755041
sha3_384: 97862766583cbfd5b4d3efa431110fff66b9f7dff8384339d062d9e3b7b2f34a87bafb50f45874a3dfa919dfbf7cdde1
ep_bytes: ff250020400000000000000000000000
timestamp: 2019-08-12 18:56:46

Version Info:

Translation: 0x0000 0x04b0
Comments: BridleBuddles
CompanyName: COMPANY TIORAY LIMITED
FileDescription: BridleBuddlesClient
FileVersion: 1.0.7.5
InternalName: IBClientNet.exe
LegalCopyright: 2017-2019 (c) TIORAY LIMITED
LegalTrademarks:
OriginalFilename: IBClientNet.exe
ProductName: BridleBuddles
ProductVersion: 1.0.7.5
Assembly Version: 1.0.7.5

RiskWare.BitCoinStealer.IdleBuddy also known as:

Lionic: Riskware.MSIL.BuddyMiner.1!c
MicroWorld-eScan: Gen:Variant.Strictor.262241
ALYac: Gen:Variant.Strictor.262241
K7AntiVirus: Trojan ( 700000121 )
K7GW: Trojan ( 700000121 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Adware.Agent.BI
TrendMicro-HouseCall: TROJ_GEN.R002C0PL721
Kaspersky: not-a-virus:HEUR:RiskTool.MSIL.BuddyMiner.gen
BitDefender: Gen:Variant.Strictor.262241
Ad-Aware: Gen:Variant.Strictor.262241
Emsisoft: Gen:Variant.Strictor.262241 (B)
TrendMicro: TROJ_GEN.R002C0PL721
McAfee-GW-Edition: GenericRXOV-XT!93912C4267E1
FireEye: Gen:Variant.Strictor.262241
Sophos: Generic PUA LK (PUA)
GData: Gen:Variant.Strictor.262241
Jiangmin: RiskTool.MSIL.cqlt
Avira: HEUR/AGEN.1142037
Gridinsoft: Ransom.Win32.Gen.sa
Arcabit: Trojan.Strictor.D40061
Cynet: Malicious (score: 99)
McAfee: GenericRXOV-XT!93912C4267E1
VBA32: Trojan.MSIL.gen.m
Malwarebytes: RiskWare.BitCoinStealer.IdleBuddy
SentinelOne: Static AI – Suspicious PE
Fortinet: Riskware/GenCBL
Panda: Trj/CI.A

How to remove RiskWare.BitCoinStealer.IdleBuddy?

RiskWare.BitCoinStealer.IdleBuddy removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
