Trojan.BAT.Miner.hj removal tips

Trojan.BAT.Miner.hj is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.BAT.Miner.hj virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • CAPE detected the CoinMiner02 malware family

Related domains:

wpad.local-net

How to identify Trojan.BAT.Miner.hj?

File Info:

name: DF372AC3EB76AC2E979B.mlw
path: /opt/CAPEv2/storage/binaries/e32f004878b8315b74c5c5943e47792da72c867603eb66ad49d32ad6be14ad73
crc32: 0EE4C562
md5: df372ac3eb76ac2e979b714838accbcf
sha1: 4fe5af3628c590024bebedfee3583739dc320792
sha256: e32f004878b8315b74c5c5943e47792da72c867603eb66ad49d32ad6be14ad73
sha512: 6a1750cfcb5b7a419fde0dcdc0ce32b50c502e8fd5607966ab2448f25338b23e6923ab1fd90339b322ac69d1eee42761f724ebb79a7d9d3c387a49c076158ddf
ssdeep: 98304:9iz+1C+zdkZRD/XSUMUuRaheLUXMkId/Rb+49/bi:kz0zdkHPtuAheLUXZM/Xe
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T184063324BAD14030D4B32C3459F9FA70CB79BD501B608EDF6BE65A6CED318C066267B6
sha3_384: 77271ca388b433ce1f226aef25a07dc7c1994e6e4891193fe7f260fe7eca726d4583a2ef007462315c2f037f75926e86
ep_bytes: e805050000e98efeffff3b0db8f04200
timestamp: 2018-06-04 17:48:32

Version Info:

0: [No Data]

Trojan.BAT.Miner.hj also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.42974909
FireEye: Generic.mg.df372ac3eb76ac2e
ALYac: Trojan.GenericKD.42974909
Cylance: Unsafe
Sangfor: Trojan.Win32.Miner.gen
K7AntiVirus: Trojan ( 0055b4a31 )
K7GW: Trojan ( 0055b4a31 )
Cybereason: malicious.3eb76a
Cyren: W32/Risk.JOFN-3712
Symantec: Trojan.Gen.MBT
ESET-NOD32: multiple detections
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Tool.Kmsauto-6988298-0
Kaspersky: Trojan.BAT.Miner.hj
BitDefender: Trojan.GenericKD.42974909
NANO-Antivirus: Trojan.Win64.Miner.gfqtuh
Avast: Win32:Trojan-gen
Rising: HackTool.XMRMiner!1.C2EC (CLASSIC)
Ad-Aware: Trojan.GenericKD.42974909
Sophos: Generic Reputation PUA (PUA)
Comodo: Malware@#f99pe310a75s
DrWeb: Tool.BtcMine.2110
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: CRCK_CRACK
McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
Emsisoft: Trojan.GenericKD.42974909 (B)
Ikarus: Trojan.Agent
GData: Win32.Application.CoinMiner.X
Jiangmin: Trojan.Script.ahic
Avira: HEUR/AGEN.1119227
Antiy-AVL: Trojan/Generic.ASCommon.202
Arcabit: Trojan.Generic.D28FBEBD
Microsoft: Trojan:Win32/CoinMiner.XI
Cynet: Malicious (score: 100)
AhnLab-V3: HackTool/Win.KMSAuto.R430157
McAfee: Artemis!DF372AC3EB76
MAX: malware (ai score=87)
VBA32: Trojan.Miner
Malwarebytes: Malware.AI.3966286124
Tencent: Bat.Trojan.Miner.Wtdn
Yandex: Trojan.Igent.bUDDf3.2
SentinelOne: Static AI – Suspicious PE
eGambit: Unsafe.AI_Score_100%
Fortinet: Riskware/KMSAuto
AVG: Win32:Trojan-gen
Panda: Trj/CI.A
MaxSecure: Trojan.Malware.73445238.susgen

How to remove Trojan.BAT.Miner.hj?

Trojan.BAT.Miner.hj removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.