About “Win64/CoinMiner.IR” infection

Win64/CoinMiner.IR is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win64/CoinMiner.IR virus do?

  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Executable file is packed/obfuscated with MPRESS
  • Authenticode signature is invalid

How to determine Win64/CoinMiner.IR?


File Info:

name: 8E80A630B6D45FF6206F.mlw
path: /opt/CAPEv2/storage/binaries/e4628f2c49c1128f9e03dbaa1899baf6d9b3535acd67ac60fbc74aa4bae7dee7
type: PE32+ executable (GUI) x86-64, for MS Windows
timestamp: 2018-03-30 13:20:19

Version Info:

0: [No Data]

Win64/CoinMiner.IR also known as:

MicroWorld-eScan: Trojan.GenericKD.30536114
McAfee: Artemis!8E80A630B6D4
Cylance: Unsafe
Cybereason: malicious.0b6d45
Symantec: Linux.Coinminer
ESET-NOD32: a variant of Win64/CoinMiner.IR
APEX: Malicious
BitDefender: Trojan.GenericKD.30536114
NANO-Antivirus: Trojan.Win64.CoinMiner.fasoib
Avast: Win64:Malware-gen
Ad-Aware: Trojan.GenericKD.30536114
Sophos: Mal/Generic-S
Comodo: Malware@#3euhtz80wvj92
McAfee-GW-Edition: BehavesLike.Win64.Trickbot.dc
FireEye: Generic.mg.8e80a630b6d45ff6
Emsisoft: Trojan.GenericKD.30536114 (B)
SentinelOne: Static AI – Suspicious PE
GData: Trojan.GenericKD.30536114
Avira: TR/CoinMiner.doytj
MAX: malware (ai score=81)
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win64.Generic.C2485315
ALYac: Trojan.GenericKD.30536114
Malwarebytes: Trojan.BitCoinMiner
Yandex: Trojan.GenAsa!Jr6IdWJC1IM
Ikarus: PUA.CoinMiner
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W64/CoinMiner.IR!tr
AVG: Win64:Malware-gen
CrowdStrike: win/malicious_confidence_80% (D)

How to remove Win64/CoinMiner.IR?

Win64/CoinMiner.IR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
