Trojan:Win64/CoinMiner!pz removal instruction

The Trojan:Win64/CoinMiner!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win64/CoinMiner!pz virus can do?

Sample contains Overlay data
Presents an Authenticode digital signature
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Trojan:Win64/CoinMiner!pz?


File Info:
name: 1994FEB1F6B36B12CC66.mlw
path: /opt/CAPEv2/storage/binaries/434a10b60036e6038bdcb4ade3cd6555234bece79f5c4a7f608b835ff03f23f7
crc32: 191D5A2A
md5: 1994feb1f6b36b12cc666200020ded7d
sha1: e08acdc5dd05d36a1705f44b39acb30d160a91f5
sha256: 434a10b60036e6038bdcb4ade3cd6555234bece79f5c4a7f608b835ff03f23f7
sha512: 14f13283faf08d4f09ad26716d869d8031d753adf83f009eeb1a408a497fc28b8fd1fbf98587da20a61f43243e3df03249294abe4219686500a2362f7a612736
ssdeep: 49152:UOqXRTiNsPJ1M8SVNA/BoeUZT7fqR1DS8EPviF6EpLqBgtSMVQw:RqXAyPE8SVeUZ/eFjDF686
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1D0C5331AD1B17C75DA2129702ECC5B6D1F93B4840BBE1CCB265F78F264203CA16E9A5F
sha3_384: cc30f459f2defdc7d5ac443e60553d211c5d55c32d274755ecc76b89a1cdfd4a45d29509689917a919a174aad1a1c639
ep_bytes: 4883ec28488b05d56e0000c700010000
timestamp: 2024-01-11 18:55:13

Version Info:
CompanyName: VideoLAN
FileTitle: vlc
FileDescription: VLC media player
FileVersion: 3,0,11,0
LegalCopyright: Copyright © 1996-2018 VideoLAN and VLC Authors
LegalTrademark: VLC media player, VideoLAN and x264 are registered trademarks from VideoLAN
ProductName: VLC media player
ProductVersion: 3,0,11,0
Translation: 0x0409 0x04e4

Trojan:Win64/CoinMiner!pz also known as:

Bkav	W64.AIDetectMalware
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win64.Dropper.vh
Malwarebytes	Trojan.MalPack.Generic
VIPRE	Gen:Variant.Tedy.500137
K7AntiVirus	Trojan ( 005af85d1 )
K7GW	Trojan ( 005af85d1 )
CrowdStrike	win/malicious_confidence_100% (D)
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/Kryptik.EDF
APEX	Malicious
Kaspersky	HEUR:Trojan.Win64.Reflo.pef
BitDefender	Gen:Variant.Tedy.500137
MicroWorld-eScan	Gen:Variant.Tedy.500137
Avast	Win64:Evo-gen [Trj]
Emsisoft	Gen:Variant.Tedy.500137 (B)
Ikarus	Trojan.Win64.Krypt
GData	Gen:Variant.Tedy.500137
Google	Detected
Antiy-AVL	Trojan/Win64.GenKryptik
Arcabit	Trojan.Tedy.D7A1A9
ZoneAlarm	HEUR:Trojan.Win64.Reflo.pef
Microsoft	Trojan:Win64/CoinMiner!pz
Varist	W64/Kryptik.LJJ.gen!Eldorado
AhnLab-V3	Dropper/Win.DropperX-gen.R622355
ALYac	Gen:Variant.Tedy.500137
Rising	Trojan.Kryptik!8.8 (TFE:5:puXfYWFTsfG)
Fortinet	W64/GenKryptik.GQCB!tr
AVG	Win64:Evo-gen [Trj]
Cybereason	malicious.5dd05d
DeepInstinct	MALICIOUS

How to remove Trojan:Win64/CoinMiner!pz?

Trojan:Win64/CoinMiner!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X