Trojan.Win64.Miner.aqca (file analysis)

Trojan.Win64.Miner.aqca is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win64.Miner.aqca virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Detects Bochs through the presence of a registry key
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan.Win64.Miner.aqca?

File Info:

name: 46906E7FD13C3DC20714.mlw
path: /opt/CAPEv2/storage/binaries/e9ce0dbfcfa6eb3f0f59b41a63533f4fda1de6038a5717deba3f521ec1654033
crc32: 46BA9CF4
md5: 46906e7fd13c3dc20714dfe89f8b9af8
sha1: e19d34c34d332bc7257661bdac171148eca15340
sha256: e9ce0dbfcfa6eb3f0f59b41a63533f4fda1de6038a5717deba3f521ec1654033
sha512: 5132ca7bbe5f16296bc054f75fc603b53207ab82cf40e37bb2a9979698f828114aa47c7f29db99c1d091863b9407c3820ae60d7ac15eb8e389c8a08baa3b55d6
ssdeep: 98304:g/cG0DNRxI8lRTRQucv9GjZYq2YDXiyQY8HshnTALKGkeZz2+i6NBDRys2lHBw:HG0DNw8l7Rcvdq2YrZl8HYsz2eBAsE
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D77602136A81903EE66286718C6FAE6045D87D775B3241DBF284FE1D2EF05C2B237A47
sha3_384: 3de4110aa208b03be8c92ce34d2012dc37b773255884d938c76e60004956fb026216801c5cfa2c26bb68ca6731bef607
ep_bytes: e8d6220100e939feffff558bec8b4514
timestamp: 2015-09-09 06:00:09

Version Info:

CompanyName: The Distributed Mathematical Computation Group
FileDescription: Setup Launcher Unicode
FileVersion: 4.3.0000
InternalName: Setup
LegalCopyright: Copyright (c) 2015 Flexera Software LLC. All Rights Reserved.
OriginalFilename: InstallShield Setup.exe
ProductName: SecuCurr
ProductVersion: 4.3.0000
Internal Build Number: 158438
ISInternalVersion: 22.0.347
ISInternalDescription: Setup Launcher Unicode
Translation: 0x0409 0x04b0

Trojan.Win64.Miner.aqca also known as (vendor: detection name):

Lionic: Trojan.Win64.Miner.4!c
McAfee: Artemis!46906E7FD13C
Sangfor: Trojan.Win64.BitMin.aom
Alibaba: Trojan:Win64/BitMin.2ccc2fd5
Elastic: malicious (high confidence)
ESET-NOD32: multiple detections
Paloalto: generic.ml
Kaspersky: Trojan.Win64.Miner.aqca
NANO-Antivirus: Trojan.Win32.SvcMiner.eiyken
Avast: FileRepMalware [Trj]
DrWeb: Trojan.MulDrop6.64601
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
Ikarus: Trojan.SvcMiner
Kingsoft: Win32.Troj.GenericKD.v.(kcloud)
Microsoft: Trojan:Win64/SvcMiner
MAX: malware (ai score=100)
VBA32: Trojan.MulDrop
TrendMicro-HouseCall: TROJ_GEN.R002H07CD22
Yandex: Trojan.Agent!Ahyo2FnaL6s
MaxSecure: Trojan.Malware.11146943.susgen
AVG: FileRepMalware [Trj]
Panda: Trj/CI.A

How to remove Trojan.Win64.Miner.aqca?

Trojan.Win64.Miner.aqca removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.