About “Win32/CoinMiner.BQL” infection

Win32/CoinMiner.BQL is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/CoinMiner.BQL virus do?

  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Win32/CoinMiner.BQL?

File Info:

name: 149688FDCB8B8556AE78.mlw
path: /opt/CAPEv2/storage/binaries/5879baa061b3ca045160042b24ca3515c5d49b242be36ee0c2f035adcf2f667d
crc32: 3C93867D
md5: 149688fdcb8b8556ae788ca83bb36526
sha1: 0830d22647d2e53a9e7938910ca0b52ba06585bf
sha256: 5879baa061b3ca045160042b24ca3515c5d49b242be36ee0c2f035adcf2f667d
sha512: 1fd9ecb23e1c6d174c16f539ac303d347ab8c5b3f0a4ef5582ce82dec52c37dc0dc156cdb1e4ea1981fb654f87bf9f2f3c57e454bf053898b8aaac9450117b9d
ssdeep: 768:yeMvtq5EQO50ss6mOY/XtO6QsS17ZyhFvQUJTTwFtUsDKyX8VWfzmyhMiG2HunKo:y3vtq5EQejMVywF4iSZGS8KVuNvAs
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A8737C53F5C154F2D0260ABCAC1E862AED3E7D272D2E29867BEE194CCE2F6405D1D193
sha3_384: ce7d5b201902e7121a93f9dc644e3d71a010679cc2c39e1054746f343ac1cb69e039be1f9239c4a5147b0100d3f9302c
ep_bytes: 558bec83c4f033c08945f0b8c8f84000
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Client Server Runtime Process
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
InternalName: CSRSS.Exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: CSRSS.Exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.3.9600.16384
Translation: 0x0409 0x04b0

Win32/CoinMiner.BQL is also known as (vendor: detection name):

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Heur.eG0@rGCkQOok
FireEye: Generic.mg.149688fdcb8b8556
ALYac: Gen:Trojan.Heur.eG0@rGCkQOok
Cylance: Unsafe
Zillya: Trojan.CoinMiner.Win32.19958
Sangfor: Riskware.Win32.Agent.ky
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/CoinMiner.f121dad4
K7GW: Trojan ( 0053a8ef1 )
K7AntiVirus: Trojan ( 0053a8ef1 )
BitDefenderTheta: AI:Packer.2A6F03B11C
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/CoinMiner.BQL
TrendMicro-HouseCall: TROJ_GEN.R002H0CB222
Paloalto: generic.ml
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Trojan.Heur.eG0@rGCkQOok
NANO-Antivirus: Trojan.Win32.CoinMiner.fgsnoh
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Crypt.Dxww
Ad-Aware: Gen:Trojan.Heur.eG0@rGCkQOok
Sophos: Mal/Generic-S
Comodo: TrojWare.Win32.Spy.Banker.Gen@1qlojk
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.lh
Emsisoft: Gen:Trojan.Heur.eG0@rGCkQOok (B)
Ikarus: Trojan.Win32.Antavmu
GData: Win32.Trojan.PSE.1C7E5NV
Jiangmin: Trojan.Generic.dmqpr
Avira: TR/Crypt.FKM.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.2756EF8
Gridinsoft: Ransom.Win32.Miner.sa
ZoneAlarm: UDS:DangerousObject.Multi.Generic
Microsoft: Trojan:Win32/Occamy.C58
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C2697702
McAfee: Artemis!149688FDCB8B
VBA32: BScope.Trojan.CoinMiner
APEX: Malicious
Rising: Trojan.Tiggre!8.ED98 (CLOUD)
Fortinet: W32/CoinMiner.BQL!tr
AVG: Win32:Malware-gen
Cybereason: malicious.dcb8b8
Panda: Trj/GdSda.A

How to remove Win32/CoinMiner.BQL?

Win32/CoinMiner.BQL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.