Win32/CoinMiner.BDS malicious file

Malware Removal

Win32/CoinMiner.BDS is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/CoinMiner.BDS virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Win32/CoinMiner.BDS?

File Info:

name: 4294B916C70395F7E73F.mlw
path: /opt/CAPEv2/storage/binaries/2c9891fd2a2c071b0713b6d88bf534d4f6e98faa3af6f62d4f17f9652c644f8e
crc32: B4F40299
md5: 4294b916c70395f7e73f858335f34ba7
sha1: 4d3f6283db5b0eb424f6e4022cc513325b61f3d1
sha256: 2c9891fd2a2c071b0713b6d88bf534d4f6e98faa3af6f62d4f17f9652c644f8e
sha512: 88e02c606528aa7ceecd97b59754478d83d2581d77560c0c79ee402277d5a052457239843aec75284f26aaec4a4d630ac834f5b4b380a78c606b6c688f6c52f1
ssdeep: 6144:nRMNOyjdueaukPQikn37gQd5YKAOAwtEWlu:nRMwMueaukoHjJeWu
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18B549D10B691C436D4B252330A799B7B453DB9204F655ADFA3D80A2ECFB01D16B32BA7
sha3_384: 89720957f7382146637c0b06717c3084c8cf4e71a0b9a9781cd7c421f01116e7699ec14daaad9bf1afcb7125081ab1ca
ep_bytes: e8fe050000e98efeffffff25b8114300
timestamp: 2018-01-31 14:53:55

Version Info:

CompanyName: Adobe Systems Incorporated
FileDescription: Adobe Download Manager
FileVersion: 2.0.0.163
InternalName: Update Manager
LegalCopyright: Copyright 2015 Adobe Systems Incorporated. All rights reserved.
OriginalFilename: Adobe Download Manager
ProductName: Adobe Download Manager
ProductVersion: 2.0.0.163s
Translation: 0x0400 0x04b0

Win32/CoinMiner.BDS also known as:

Lionic: Trojan.Win32.CoinMiner.4!c
FireEye: Generic.mg.4294b916c70395f7
ALYac: Gen:Variant.Doina.7770
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Downloader.Gen
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Trojan:Win32/CoinMiner.10236107
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.6c7039
Symantec: Trojan Horse
ESET-NOD32: a variant of Win32/CoinMiner.BDS
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.CoinMiner.vkn
BitDefender: Gen:Variant.Doina.7770
NANO-Antivirus: Trojan.Win32.CoinMiner.exxazd
SUPERAntiSpyware: Hack.Tool/Gen-BitCoinMiner
MicroWorld-eScan: Gen:Variant.Doina.7770
Avast: Win32:Miner-GK [Trj]
Tencent: Malware.Win32.Gencirc.11491a61
Ad-Aware: Gen:Variant.Doina.7770
Sophos: Generic PUA EN (PUA)
Comodo: Malware@#1lenj74hsjq5o
Zillya: Trojan.CoinMiner.Win32.7561
TrendMicro: TROJ_GEN.R002C0DJN21
McAfee-GW-Edition: BehavesLike.Win32.Dropper.dh
Emsisoft: Gen:Variant.Doina.7770 (B)
GData: Gen:Variant.Doina.7770
Webroot: Trojan.Dropper.Gen
Avira: TR/Downloader.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.CoinMiner
Arcabit: Trojan.Doina.D1E5A
Microsoft: Trojan:Win32/CoinMiner.QG!bit
AhnLab-V3: Trojan/Win32.CoinMiner.C2401362
McAfee: Artemis!4294B916C703
VBA32: BScope.Trojan.CoinMiner
Malwarebytes: RiskWare.BitCoinMiner
TrendMicro-HouseCall: TROJ_GEN.R002C0DJN21
Rising: Trojan.Generic@ML.98 (RDMK:O/GYKeNtv/AaIZ80L+1xdw)
Yandex: Trojan.GenAsa!2yTkAPyVxJ8
Ikarus: Trojan.Win32.CoinMiner
eGambit: Unsafe.AI_Score_73%
Fortinet: W32/CoinMiner.BDS!tr
BitDefenderTheta: Gen:NN.ZexaF.34084.rC0@a4z6bJoi
AVG: Win32:Miner-GK [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.74371502.susgen

How to remove Win32/CoinMiner.BDS?

Win32/CoinMiner.BDS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.