
Win32:BitCoinMiner-JH [Trj] (file analysis)

Malware Removal

Win32:BitCoinMiner-JH [Trj] is the Avast/AVG detection name for a trojanised cryptocurrency miner, and the sample analysed here is flagged as malicious by most major engines (see the detection list below). When the infection is active the miner burns CPU time, so you may notice unfamiliar processes with high CPU usage in the Task Manager list. In that case, scan your computer with GridinSoft Anti-Malware.


Removing malware by hand can take hours and may damage your Windows installation in the process. We recommend GridinSoft Anti-Malware for removal; it lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can Win32:BitCoinMiner-JH [Trj] do?

The sandbox run of this sample triggered the following behavioural and static signatures:

  • Uses built-in Windows utilities for basic functionality (living off the land rather than shipping its own tooling)
  • Reads data out of its own binary image, typical of a loader that carries its payload inside itself
  • Drops a second binary to disk and executes it
  • The binary contains a PE section name that no standard compiler or linker emits, indicative of packing
  • The Authenticode signature is invalid (the file is either unsigned or its signature does not verify)

The last two are quick static checks you can repeat on any suspect file: dump the section table with any PE viewer, and run `Get-AuthenticodeSignature <path>` in PowerShell; a Status of NotSigned or HashMismatch confirms the finding.
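The packing heuristic behind the section-name signature above can be reproduced with a short static triage script. The following is an added example written for this page, not code from the sandbox that produced the report or from any antivirus vendor: it parses the PE section table with the Python standard library only, flags non-standard section names, high-entropy (packed or encrypted) sections and writable-plus-executable sections, and extracts the first bytes at the entry point in the same form as the `ep_bytes` field in the file info below. The allow-list of standard section names, the packer-name list and the 7.0 bits-per-byte entropy threshold are assumptions; the input is a constructed minimal PE32 built inside the script, not the analysed sample.

```python
import math
import struct
from collections import Counter

# Assumption: allow-list of section names emitted by mainstream toolchains (MSVC, MinGW).
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc", ".reloc",
                     ".bss", ".tls", ".pdata", ".CRT", ".gfids", ".didat", ".textbss"}
# Assumption: names written by common packers/protectors.
PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite", ".vmp0", ".vmp1",
                   ".themida", ".nsp0", ".nsp1", ".MPRESS1", ".MPRESS2"}
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000
ENTROPY_THRESHOLD = 7.0  # assumption: bits/byte above which a section looks packed or encrypted

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: x86 code is usually around 6, compressed or encrypted data close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def _headers(pe: bytes):
    """Validate MZ/PE magic; return (optional_header_offset, n_sections, section_table_offset)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", pe, coff)
    return coff + 20, nsec, coff + 20 + opt_size

def parse_sections(pe: bytes) -> list:
    """Walk the 40-byte IMAGE_SECTION_HEADER entries and summarise each section."""
    _opt, nsec, table = _headers(pe)
    sections = []
    for i in range(nsec):
        (name, vsize, vaddr, raw_size, raw_ptr,
         _rel, _lin, _nrel, _nlin, chars) = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vaddr": vaddr,
                         "vsize": vsize, "raw_ptr": raw_ptr, "raw_size": raw_size,
                         "entropy": round(shannon_entropy(raw), 2),
                         "exec": bool(chars & IMAGE_SCN_MEM_EXECUTE),
                         "write": bool(chars & IMAGE_SCN_MEM_WRITE)})
    return sections

def entry_bytes(pe: bytes, count: int = 16) -> str:
    """Hex of the first bytes at AddressOfEntryPoint, the same view as CAPE's ep_bytes field."""
    opt, _nsec, _table = _headers(pe)
    ep_rva = struct.unpack_from("<I", pe, opt + 16)[0]  # AddressOfEntryPoint
    for s in parse_sections(pe):
        if s["vaddr"] <= ep_rva < s["vaddr"] + max(s["vsize"], s["raw_size"]):
            off = s["raw_ptr"] + (ep_rva - s["vaddr"])
            return pe[off:off + count].hex()
    raise ValueError("entry point lies outside every section")

def triage(pe: bytes) -> dict:
    """Apply the packing heuristics; return sections, entry bytes and a list of findings."""
    sections, findings = parse_sections(pe), []
    for s in sections:
        if s["name"] in PACKER_SECTIONS:
            findings.append(f"{s['name']}: known packer section name")
        elif s["name"] not in STANDARD_SECTIONS:
            findings.append(f"{s['name']!r}: unknown section name (possible packing)")
        if s["raw_size"] and s["entropy"] >= ENTROPY_THRESHOLD:
            findings.append(f"{s['name']}: entropy {s['entropy']} (packed or encrypted data)")
        if s["exec"] and s["write"]:
            findings.append(f"{s['name']}: writable and executable (self-modifying unpack stub?)")
    return {"sections": sections, "entry_bytes": entry_bytes(pe), "findings": findings}

def build_sample_pe(sections) -> bytes:
    """Build a constructed, minimal PE32 (headers + section table + raw data) for the demo."""
    e_lfanew, opt_size, align = 0x40, 0xE0, 0x200
    first_raw = (e_lfanew + 4 + 20 + opt_size + 40 * len(sections) + align - 1) // align * align
    raw_ptr, vaddr, table, blobs = first_raw, 0x1000, b"", b""
    for name, data, chars in sections:
        raw_size = (len(data) + align - 1) // align * align
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), vaddr,
                             raw_size, raw_ptr, 0, 0, 0, 0, chars)
        blobs += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        vaddr += max(raw_size, 0x1000)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)  # i386 EXE
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", 0x1000) + b"\0" * (opt_size - 20)
    head = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew) + b"PE\0\0" + coff + opt + table
    return head.ljust(first_raw, b"\0") + blobs

# Constructed input (not the analysed sample): a plausible .text plus a high-entropy,
# writable+executable section with a non-standard name, the pattern the signature above targets.
SAMPLE_PE = build_sample_pe([
    (".text", b"\x55\x8b\xec\x5d\xc3" + b"\xcc" * (0x200 - 5), 0x60000020),
    (".dfg1", bytes(range(256)) * 4, 0x40000040 | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE),
])

if __name__ == "__main__":
    report = triage(SAMPLE_PE)
    print("ep_bytes:", report["entry_bytes"])
    print("\n".join(report["findings"]))
```

To triage a real file, replace `SAMPLE_PE` with `open(path, "rb").read()`. Treat every finding as a hint rather than a verdict: legitimate installers and some games also ship packed, high-entropy sections, which is why the report above pairs this static signature with runtime behaviour such as dropping and executing a second binary.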

How to identify Win32:BitCoinMiner-JH [Trj]?

Match a suspect file against the hashes below (for example with `Get-FileHash -Algorithm SHA256 <file>` in PowerShell). The ssdeep and TLSH values are similarity hashes, so they also catch slightly modified variants that no longer share an exact SHA-256.
File Info:

name: FAC1FBB7798982044E08.mlw
path: /opt/CAPEv2/storage/binaries/f1b84b22965f82b1477805369072ff5bb2282e8334c3905b1e2c40b8444b7af5
crc32: 55B73710
md5: fac1fbb7798982044e08e67a11f1f24b
sha1: 16c48a474072e9d0548c82b75ca7b189b544c4a6
sha256: f1b84b22965f82b1477805369072ff5bb2282e8334c3905b1e2c40b8444b7af5
sha512: e83a17359e254b74933380f657b964bd69f1783d22ac6403295807735bafaddf1f7f5481597b0cb7717e35857557bbeaacedf29846a58236bb3f2118ebf99064
ssdeep: 3072:q6Bop9RtOWkwpRI+M5mKsVFCzplpqYz7FHL+TuQCZL7hs3pn4d:aX6iMfQqRrhZfKpnK
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T153347B117982C0F1D17302700AF8DBB6997DBDBA4B359DCBA7848B5D4AB41C2A7347A3
sha3_384: 81eb1eea8e95e794b207a5370fd7ca5423002655dc31010424a505b5277eafd67aebc9719ddd86da96443ffa7d4d7ffb
ep_bytes: e800890000e9000000006a146858c142
timestamp: 2014-09-22 20:43:52

Version Info:

0: [No Data] (the file carries no version resource)

Win32:BitCoinMiner-JH [Trj] also known as:

Bkav: W32.AIDetectMalware
MicroWorld-eScan: Trojan.GenericKDZ.95141
FireEye: Generic.mg.fac1fbb779898204
CAT-QuickHeal: Trojan.Mauvaise.SL1
Skyhigh: BehavesLike.Win32.Trojan.dm
McAfee: Trojan-FESQ!FAC1FBB77989
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Trojan.GenericKDZ.95141
Sangfor: Miner.Win32.Zusy_34.se2
Cybereason: malicious.779898
BitDefenderTheta: AI:Packer.E2E931FE1F
VirIT: Trojan.Win32.BtcMine.WT
Symantec: Trojan.Coinbitminer
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/CoinMiner.CDI
Zoner: Trojan.Win32.27867
APEX: Malicious
Avast: Win32:BitCoinMiner-JH [Trj]
ClamAV: Win.Trojan.Coinminer-6750707-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.GenericKDZ.95141
NANO-Antivirus: Trojan.Win32.Ulise.hhbmse
Sophos: Troj/Miner-MV
Baidu: Win32.Trojan.Generic.b
F-Secure: Trojan.TR/BitCoinMiner.Gen4
DrWeb: Trojan.BtcMine.591
Zillya: Trojan.CoinMiner.Win32.51329
TrendMicro: Coinminer_MALXMR.SMMR-WIN32
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.GenericKDZ.95141 (B)
SentinelOne: Static AI – Malicious PE
MAX: malware (ai score=83)
Jiangmin: Trojan/Banker.CoinMiner.d
Google: Detected
Avira: TR/BitCoinMiner.Gen4
Varist: W32/Coinminer.IQ.gen!Eldorado
Antiy-AVL: Trojan/Win32.CoinMiner.ty
Kingsoft: malware.kb.a.949
Microsoft: Trojan:Win32/Maener.C!bit
Arcabit: Trojan.Generic.D173A5
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Win32.Trojan.PSE.1078PWZ
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Agent.R420153
Acronis: suspicious
VBA32: Trojan.Maener
ALYac: Trojan.GenericKDZ.95141
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Coinminer_MALXMR.SMMR-WIN32
Rising: Trojan.CoinMiner!1.BC9C (CLASSIC)
Yandex: Trojan.GenAsa!4t/idwSUPAU
Ikarus: Trojan.Win32.Maener
Fortinet: W32/CoinMiner.TY!tr
AVG: Win32:BitCoinMiner-JH [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)
alibabacloud: Trojan:Win/Maener.A(dyn)

How to remove Win32:BitCoinMiner-JH [Trj]?

Win32:BitCoinMiner-JH [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

After the reboot, confirm that Task Manager no longer shows the unwanted high-CPU process. Because this sample drops and executes a second binary, also check that no leftover file matches the hashes listed above.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
