Trojan.Badminer
First posted on 08 April 2013.
Source: SecurityHome
Aliases:
There are no other names known for Trojan.Badminer.
Explanation:
Trojan.Badminer is a Trojan horse that runs Bitcoin mining software.
When the Trojan is executed, it creates the following files:
- %Temp%\[RANDOM NUMBER FILE NAME ONE].exe
- %Temp%\[RANDOM NUMBER FILE NAME TWO].exe
- %Windir%\info1
- %Windir%\iplist.txt
- %Windir%\sysdriver32.exe
The Trojan also creates the following registry subkeys:
- HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32
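A host check for the file and registry artifacts listed above, as an added PowerShell example that is not part of the original write-up. `Find-BadminerArtifact` is a hypothetical name, the paths are written with standard Windows separators, and the digits-only match for the %Temp% executables is an assumption about what "random number file name" means.

```powershell
# Added example: sweep one host for the artifacts named in this write-up.
# Assumption: the "random number" %Temp% files have digits-only base names.
function Find-BadminerArtifact {
    [CmdletBinding()]
    param(
        [string]$WinDir  = $env:windir,
        [string]$TempDir = $env:TEMP      # per-user; repeat for other profiles
    )

    # Fixed file names from the listing, directly under %Windir%.
    foreach ($name in 'info1', 'iplist.txt', 'sysdriver32.exe') {
        $path = Join-Path $WinDir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force
            [pscustomobject]@{
                Type   = 'File'
                Path   = $item.FullName
                Detail = 'created {0:u}, {1} bytes' -f $item.CreationTimeUtc, $item.Length
            }
        }
    }

    # Candidate dropped executables in %Temp%, hashed for later lookup.
    Get-ChildItem -LiteralPath $TempDir -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.BaseName -match '^\d+$' } |
        ForEach-Object {
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            [pscustomobject]@{ Type = 'TempExe'; Path = $_.FullName; Detail = "SHA256 $hash" }
        }

    # Registry subkeys from the listing; the last one sits under Services,
    # so report its ImagePath value when one is set.
    $keys = 'HKLM:\SOFTWARE\sysdriver32.exe',
            'HKLM:\SOFTWARE\systeminfog',
            'HKLM:\SYSTEM\CurrentControlSet\Services\srvsysdriver32'
    foreach ($key in $keys) {
        if (Test-Path -LiteralPath $key) {
            $image = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).ImagePath
            [pscustomobject]@{
                Type   = 'RegistryKey'
                Path   = $key
                Detail = if ($image) { "ImagePath: $image" } else { 'present' }
            }
        }
    }
}

Find-BadminerArtifact | Format-Table -AutoSize -Wrap
```

On 64-bit Windows, writes by a 32-bit process under HKLM\SOFTWARE are redirected to HKLM\SOFTWARE\WOW6432Node, so the two SOFTWARE subkeys are worth checking there as well. A digits-only .exe in %Temp% is only a candidate; legitimate installers also use such names.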
The Trojan will then run one of the following Bitcoin mining programs:
- If a GPGPU-enabled graphics card is found, it runs Phoenix Miner.
- Otherwise it runs RPC Miner.
The Trojan then sends the mined Bitcoins to a predetermined location.
Last update 08 April 2013