Trojan:Win64/CoinMiner!pz (file analysis)

The Trojan:Win64/CoinMiner!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win64/CoinMiner!pz virus can do?

Sample contains Overlay data
Presents an Authenticode digital signature
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Trojan:Win64/CoinMiner!pz?


File Info:
name: 649CF4D3BC416F7C030D.mlw
path: /opt/CAPEv2/storage/binaries/b087406ada1549a0595e6e3ebeb9b73c752db1ab838e2ffd35ee47a655328c65
crc32: FA82DAB3
md5: 649cf4d3bc416f7c030d171a1dc974c5
sha1: 1a1759bc589f17bb27dca335530b8bd4c2641c43
sha256: b087406ada1549a0595e6e3ebeb9b73c752db1ab838e2ffd35ee47a655328c65
sha512: 0d7a1ae02dac766870097d06b2d4a962b7e896d5b98a8858600b8cedd35c3be55e678260fb5204ee260559d8f9ce0e491e05347be3afe42e544354e3db175dd7
ssdeep: 49152:sizre421aX3w0lHiWD6W95x2n+CVQtUVTRduAxrELm5L3USgab8TMVC7lzp:sizre/1sZZ6W95xTCVTrEa5LDgagGMz
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T16FC533469B6407E4F0539938BE11EE3119B764C74FB18AD78E93C6F06C197C90E3DA16
sha3_384: 06f91c4692971d51c5c9abdd75599bf625dcda9f448f349c628bbf140fbecf8ba4404945dc1a0060d4b2f49f6bfeab8f
ep_bytes: 4883ec28488b05d56e0000c700010000
timestamp: 2024-01-11 18:52:53

Version Info:
CompanyName: VideoLAN
FileTitle: vlc
FileDescription: VLC media player
FileVersion: 3,0,11,0
LegalCopyright: Copyright © 1996-2018 VideoLAN and VLC Authors
LegalTrademark: VLC media player, VideoLAN and x264 are registered trademarks from VideoLAN
ProductName: VLC media player
ProductVersion: 3,0,11,0
Translation: 0x0409 0x04e4

Trojan:Win64/CoinMiner!pz also known as:

Bkav	W64.AIDetectMalware
MicroWorld-eScan	Gen:Variant.Tedy.500137
Skyhigh	BehavesLike.Win64.Dropper.vh
Malwarebytes	Trojan.MalPack.Generic
VIPRE	Gen:Variant.Tedy.500137
K7AntiVirus	Trojan ( 005af85d1 )
K7GW	Trojan ( 005af85d1 )
Cybereason	malicious.c589f1
Arcabit	Trojan.Tedy.D7A1A9
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/Kryptik.EDF
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	HEUR:Trojan.Win64.Reflo.pef
BitDefender	Gen:Variant.Tedy.500137
Avast	Win64:Evo-gen [Trj]
Emsisoft	Gen:Variant.Tedy.500137 (B)
Ikarus	Trojan.Win64.Krypt
Varist	W64/Kryptik.LJJ.gen!Eldorado
Antiy-AVL	Trojan/Win64.GenKryptik
Kingsoft	malware.kb.a.996
Microsoft	Trojan:Win64/CoinMiner!pz
ZoneAlarm	HEUR:Trojan.Win64.Reflo.pef
GData	Gen:Variant.Tedy.500137
Google	Detected
AhnLab-V3	Dropper/Win.DropperX-gen.R622355
ALYac	Gen:Variant.Tedy.500137
Rising	Trojan.Kryptik!8.8 (TFE:5:puXfYWFTsfG)
Fortinet	W64/GenKryptik.GQCB!tr
AVG	Win64:Evo-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Trojan:Win64/CoinMiner!pz?

Trojan:Win64/CoinMiner!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X