Should I remove “Win64/CoinMiner.ADZ”?

Win64/CoinMiner.ADZ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win64/CoinMiner.ADZ virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Win64/CoinMiner.ADZ?

File Info:

name: 77346ADD94D8E066BDF6.mlw
path: /opt/CAPEv2/storage/binaries/04d09200223626b17bba790cfa49b985f640894886a79f365975eda3bab39d5f
crc32: 4273CEF8
md5: 77346add94d8e066bdf69a97f0a0e564
sha1: e0fca6796ae515f76a299766eed98ec2b46b9fa2
sha256: 04d09200223626b17bba790cfa49b985f640894886a79f365975eda3bab39d5f
sha512: 7243b93479b7bbed7a82dfcbbb9a19f3c837484b38ed51a1443fefe9a9de2862359f870042de8db53c80d5334af8d8ae555626220b246639f3a6a89ed13b4c3a
ssdeep: 12288:6JYv7LJFKHFMOV6W6nyyvinDzcmTfvyxKYNJ+E1P8oAuDkbF/o6l:KYv7fKlMOV6WMy/DQ6fvyxKYNiI2FAS
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T1F3F47C75BBB410F9D167C13AC9128A27F2F2B416172097DF43A0876A2F236E95E3B711
sha3_384: 7bca80fa2452adabfab88d119fadccc4ae67fa6060fded3b75f09769e2b37d94fe0ca89da432c787f92b284776fbef68
ep_bytes: 4883ec28e8bb0500004883c428e976fe
timestamp: 2018-02-09 14:43:22

Version Info:

CompanyName: Idle Buddy Inc
FileDescription: IdleBuddy
FileVersion: 1.0.1.2
InternalName: IdleBuddy
LegalCopyright: Copyright (C) 2017
OriginalFilename: ibservice.exe
ProductName: IdleBuddy
ProductVersion: 1.0.1.2
Translation: 0x0409 0x04b0

Win64/CoinMiner.ADZ also known as:

  • Lionic: Trojan.Win32.Miner.4!c
  • Elastic: malicious (high confidence)
  • FireEye: Generic.mg.77346add94d8e066
  • McAfee: Artemis!77346ADD94D8
  • Cylance: Unsafe
  • Alibaba: Trojan:Win64/CoinMiner.31e5f1c3
  • Cybereason: malicious.d94d8e
  • Symantec: Trojan.Gen.MBT
  • ESET-NOD32: a variant of Win64/CoinMiner.ADZ
  • APEX: Malicious
  • Paloalto: generic.ml
  • NANO-Antivirus: Riskware.Win64.BtcMine.ivytvu
  • Avast: Win64:Malware-gen
  • Sophos: Generic PUA OA (PUA)
  • Comodo: Malware@#30nv1fgab3oph
  • DrWeb: Tool.BtcMine.1660
  • McAfee-GW-Edition: Artemis
  • Emsisoft: Application.Miner (A)
  • Ikarus: AdWare.Opensupdater
  • Jiangmin: Trojan.Miner.hnf
  • Webroot: W32.Adware.Gen
  • Antiy-AVL: Trojan/Generic.ASMalwS.247DB16
  • ViRobot: Adware.Coinminer.732968
  • Microsoft: Trojan:Win32/Wacatac.A!ml
  • Cynet: Malicious (score: 100)
  • Acronis: suspicious
  • Malwarebytes: RiskWare.BitCoinMiner
  • TrendMicro-HouseCall: TROJ_GEN.R002H0CIG21
  • SentinelOne: Static AI – Malicious PE
  • Fortinet: W64/CoinMiner.ADZ!tr
  • AVG: Win64:Malware-gen
  • Panda: Trj/CI.A
  • CrowdStrike: win/malicious_confidence_70% (D)

How to remove Win64/CoinMiner.ADZ?

Win64/CoinMiner.ADZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.