Trojan:Win32/Bitcoinminer removal

Trojan:Win32/Bitcoinminer is Microsoft's detection name for a trojan that installs or runs cryptocurrency-mining software; several other engines label this particular sample a generic trojan downloader. While the infection is active you may notice unfamiliar processes in the Task Manager list, typically with high CPU usage. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing malware by hand can take hours and may damage the system if the wrong files are deleted. We recommend using GridinSoft Anti-Malware for removal; it can run a full scan and clean the PC during the trial period.
A 6-day free trial is available.

What can Trojan:Win32/Bitcoinminer do?

The sample was detonated in a CAPEv2 sandbox (the storage path in the file info below is CAPE's), and the following behavioural signatures fired. Each line gives the sandbox's signature text, followed by what that signature means in general:

  • SetUnhandledExceptionFilter detected (possible anti-debug): the program installs a top-level exception handler. Because that handler is bypassed when a debugger is attached, malware uses it to detect debuggers or to hide its real control flow.
  • A process attempted to delay the analysis task: long sleeps or timer loops intended to outlast the sandbox's execution window.
  • Dynamic (imported) function loading detected: API addresses are resolved at run time (LoadLibrary/GetProcAddress style) rather than through the import table, so a static look at the imports understates what the code does.
  • Performs HTTP requests potentially not found in PCAP: HTTP requests were observed through API hooks but did not all appear in the captured network traffic, so the packet capture alone is not a complete picture of its communication.
  • HTTPS URLs from behavior: HTTPS URLs were seen in API calls, which keeps the request contents out of plain-text network inspection.
  • The binary contains an unknown PE section name indicative of packing: section names outside the usual compiler set (.text, .rdata, .data, .rsrc and so on) suggest the executable is packed or obfuscated.
  • Authenticode signature is invalid: the file carries no valid code signature, so the publisher claimed in its version resource ("Software Comerce", below) cannot be verified.
  • Attempts to modify proxy settings: the sample writes to the system's proxy configuration, which can redirect or intercept browser traffic.

How to identify Trojan:Win32/Bitcoinminer?

File Info:

name: 64DC3869AD38A8246E3A.mlw
path: /opt/CAPEv2/storage/binaries/2ccacf1f783961edb733f10d1450ca566363727d11155e54f0a92f3369788d90
crc32: 70CD3DC1
md5: 64dc3869ad38a8246e3a73090c153933
sha1: d366605ba5c38c8c5b6b983827ab8632d1a1abbb
sha256: 2ccacf1f783961edb733f10d1450ca566363727d11155e54f0a92f3369788d90
sha512: 3ee8b70952494b51a9f5da50a9ebd8c73372d6be5215d4dfe5f65d32ea24aadbd3be85faa54603440e1bf2ea336228c7a48fac70751aebbfb94ef813f2add86c
ssdeep: 3072:xnUqoUsNG7iZ9X5FF6nhhq4Y9WMY7SjoNyjPx:pUZVG7UutYeS8WPx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T107D3B30375DCBCE6D0765631377787D1D72DFD140AA1CA6F22C4126A9A7C0837A22BEA
sha3_384: 72f711e04801475d7d5502bdd5cbf88ef08bbe8898cc576f38cba7ffc4f6038fc74b9685c1002704a2c583879842cc6b
ep_bytes: e8c2020000e98efeffff558beceb1fff
timestamp: 2018-02-17 23:05:58
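A practitioner holding a suspect file can check it against these indicators without re-running the sandbox. The script below is an added example for this page, not GridinSoft's code: it hashes a file and compares the digests with the MD5, SHA-1 and SHA-256 listed above, then reads the COFF header for the compile timestamp and section names, which is the check behind the sandbox's "unknown PE section name" signature. It uses only the Python standard library. The PE header built by make_sample_pe() is constructed for the demonstration (it is not the real binary; it only reuses the page's compile timestamp), and COMMON_SECTIONS is an assumed list of section names ordinary compilers emit.

```python
"""Hash a suspect file against the published IOCs and read the compile timestamp
and section names from its PE header. Added example for this page, not
GridinSoft code; standard library only."""
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Digests published for the analysed sample (File Info above).
KNOWN_HASHES = {
    "md5": "64dc3869ad38a8246e3a73090c153933",
    "sha1": "d366605ba5c38c8c5b6b983827ab8632d1a1abbb",
    "sha256": "2ccacf1f783961edb733f10d1450ca566363727d11155e54f0a92f3369788d90",
}

# Assumed list of section names ordinary compilers emit; anything else is flagged,
# which is the idea behind the sandbox's "unknown PE section name" signature.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                   ".edata", ".pdata", ".bss", ".tls", ".CRT", "CODE", "DATA"}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of the given bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in KNOWN_HASHES}


def matches_known_sample(data: bytes) -> bool:
    """True if any digest equals one of the published IOC hashes."""
    digests = hash_bytes(data)
    return any(digests[algo] == known for algo, known in KNOWN_HASHES.items())


def parse_pe(data: bytes) -> dict:
    """Read machine type, compile timestamp and section names from a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size          # section table follows the optional header
    names = []
    for i in range(nsections):
        raw = data[table + 40 * i: table + 40 * i + 8]   # IMAGE_SECTION_HEADER.Name
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {
        "machine": machine,                      # 0x14C = Intel 80386 (PE32)
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc),
        "sections": names,
        "unusual_sections": [n for n in names if n not in COMMON_SECTIONS],
    }


def make_sample_pe(stamp: int, section_names) -> bytes:
    """Build a minimal PE32 header for the demo (constructed data, not a runnable program)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    optional = b"\0" * 224                   # PE32 optional header size; contents unused
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), stamp, 0, 0,
                       len(optional), 0x0102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + optional + sections


def triage(data: bytes) -> dict:
    """Combine the hash match and the header facts into one report."""
    report = {"ioc_match": matches_known_sample(data), **hash_bytes(data)}
    try:
        report.update(parse_pe(data))
    except (ValueError, struct.error) as err:
        report["pe_error"] = str(err)
    return report


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        # Constructed header with the page's compile timestamp (2018-02-17 23:05:58 UTC)
        # and one non-standard section name, to show what the flags look like.
        blob = make_sample_pe(1518908758, [".text", ".rdata", "xyz0"])
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it as `python triage.py suspect.exe` to report on a real file; with no argument it triages the constructed header. An `ioc_match` of True identifies this exact sample, while a non-empty `unusual_sections` list or a mismatched timestamp only raises suspicion, since repacked variants will have different hashes.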

Version Info (as embedded in the file's version resource; note the misspelled company name "Comerce" and the generic "Installer and Uninstaller" description, which an unsigned file cannot substantiate):

CompanyName: Software Comerce
FileDescription: Installer and Uninstaller
FileVersion: 1.0.0.1
InternalName: install.exe
LegalCopyright: Copyright (C) 2018
OriginalFilename: install.exe
ProductName: Comerce software
ProductVersion: 1.0.0.1
Translation: 0x0409 0x04b0

Trojan:Win32/Bitcoinminer is also detected as (vendor: detection name):

Bkav: W32.MokesajxoLTO.Trojan
Lionic: Trojan.Win32.CoinMiner.tpj4
MicroWorld-eScan: Gen:Variant.Ursu.104518
FireEye: Generic.mg.64dc3869ad38a824
CAT-QuickHeal: Trojan.MauvaiseRI.S5252934
McAfee: GenericRXAA-AA!64DC3869AD38
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.GenericKD.4
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: TrojanDownloader:Win32/CoinMiner.82e740c5
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.9ad38a
BitDefenderTheta: Gen:NN.ZexaF.34114.iy0@aOGoPiai
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/TrojanDownloader.Agent.DWB
TrendMicro-HouseCall: TROJ_GEN.R002C0DJN21
Kaspersky: Trojan.Win32.CoinMiner.vpf
BitDefender: Gen:Variant.Ursu.104518
NANO-Antivirus: Trojan.Win32.CoinMiner.eyfgnh
Avast: Win32:Dropper-gen [Drp]
Rising: Downloader.Agent!8.B23 (CLOUD)
Ad-Aware: Gen:Variant.Ursu.104518
Emsisoft: Gen:Variant.Ursu.104518 (B)
Comodo: ApplicUnwnt@#1u1149z7dhd1n
TrendMicro: TROJ_GEN.R002C0DJN21
McAfee-GW-Edition: BehavesLike.Win32.Generic.cm
Sophos: Generic PUA ND (PUA)
Ikarus: Trojan.Win32.CoinMiner
GData: Gen:Variant.Ursu.104518
Jiangmin: Trojan.CoinMiner.akp
Webroot: W32.Malware.Gen
Avira: HEUR/AGEN.1133076
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.CoinMiner
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Ransom.Win32.Gen.sa
Arcabit: Trojan.Ursu.D19846
ViRobot: Trojan.Win32.Z.Agent.138240.HZ
Microsoft: Trojan:Win32/Bitcoinminer
Cynet: Malicious (score: 99)
VBA32: Trojan.CoinMiner
ALYac: Gen:Variant.Ursu.104518
Malwarebytes: Malware.AI.3774019917
APEX: Malicious
Tencent: Malware.Win32.Gencirc.114cde4d
Yandex: Trojan.GenAsa!0tdE3LImro0
Fortinet: W32/Agent.DWB!tr
AVG: Win32:Dropper-gen [Drp]
Panda: Trj/GdSda.A

The consensus across engines is a coin miner or a generic trojan downloader or dropper (CoinMiner, TrojanDownloader.Agent.DWB, Dropper-gen, Gen:Variant.Ursu.104518). GridinSoft's own Ransom.Win32.Gen.sa label is an outlier, and several engines (Cylance, APEX, Cynet, MAX, Malwarebytes) report only a machine-learning verdict rather than a family name, so the family attribution should rest on the named detections, not on the count alone.

How to remove Trojan:Win32/Bitcoinminer?

Trojan:Win32/Bitcoinminer removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a "Standard scan".
  • Choose "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the affected browser and the desired options, then click "Reset".
  • Restart your computer.

Because the sample attempts to modify proxy settings, verify the system and browser proxy configuration after the restart as well, and re-check Task Manager for the unfamiliar processes seen earlier.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
