
Program:Win32/CoinMiner


First posted on 16 March 2012.
Source: Microsoft

Aliases:

Program:Win32/CoinMiner is also known as Win-Appcare/Bitcoin.743936 (AhnLab), W32/BitCoinMiner.B (Norman), RiskTool.BitCoinMiner!SP8RvUesJfQ (VirusBuster), Tool.BtcMine.1 (Dr.Web), Win32/BitCoinMiner application (ESET), possible-Threat.Win32.BitCoinMiner (Ikarus), not-a-virus:RiskTool.Win32.BitCoinMiner.a (Kaspersky), Bitcoin Miner (Sophos), HKTL_BITCOINMINE (Trend Micro).

Explanation:

Program:Win32/CoinMiner is a free mining client for Windows that generates new digital coins in the BitCoin decentralized economy by performing highly complex computations. It may run on a computer without the user's consent if dropped by other malware, such as Trojan:Win32/Comine.A. To generate these coins, Program:Win32/CoinMiner uses the system's CPU resources intensively.


Program:Win32/CoinMiner's command-line interface may appear similar to the following:



It may be present on the computer under the following file names:

  • %TEMP%\bitcoin-miner.exe
  • %TEMP%\taskmgr.exe
  • %TEMP%\svchost.exe


Some variants of Program:Win32/CoinMiner may also drop files in the following folders:

  • %WINDIR%\ufa
  • %WINDIR%\rpcminer
  • %WINDIR%\phoenix
  • %APPDATA%\WhileIdle
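
A host triage check for the file names and folders listed above, added here as an example (it is not Microsoft's tooling or part of the original write-up). The function names and output fields are illustrative, and it assumes default per-user AppData locations and an elevated session so other users' profiles can be read.

```powershell
# File names and folders below are the ones listed on this page.
$TempFiles      = 'bitcoin-miner.exe', 'taskmgr.exe', 'svchost.exe'  # under %TEMP%
$WinDirFolders  = 'ufa', 'rpcminer', 'phoenix'                        # under %WINDIR%
$AppDataFolders = @('WhileIdle')                                      # under %APPDATA%

function Find-CoinMinerArtifact {
    # %TEMP% and %APPDATA% are per-user, so build the paths for every local profile.
    # Assumption: profiles use the default AppData layout (no folder redirection).
    $candidates = @()
    $profiles = Get-CimInstance Win32_UserProfile | Where-Object { -not $_.Special }
    foreach ($p in $profiles) {
        foreach ($f in $TempFiles) {
            $candidates += Join-Path $p.LocalPath "AppData\Local\Temp\$f"
        }
        foreach ($d in $AppDataFolders) {
            $candidates += Join-Path $p.LocalPath "AppData\Roaming\$d"
        }
    }
    foreach ($d in $WinDirFolders) { $candidates += Join-Path $env:WINDIR $d }

    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path -Force
            [pscustomobject]@{
                Path       = $path
                Type       = if ($item.PSIsContainer) { 'Folder' } else { 'File' }
                CreatedUtc = $item.CreationTimeUtc
                # Hash files so the sample can be looked up or submitted for analysis.
                SHA256     = if ($item.PSIsContainer) { $null } else {
                    (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                }
            }
        }
    }
}

function Find-CoinMinerProcess {
    # taskmgr.exe and svchost.exe are genuine Windows binaries in System32, so a
    # name match alone is not a finding. Flag only images running directly from a
    # Temp directory (this also matches %WINDIR%\Temp).
    Get-CimInstance Win32_Process |
        Where-Object { $TempFiles -contains $_.Name -and $_.ExecutablePath -match '\\Temp\\[^\\]+$' } |
        Select-Object ProcessId, Name, ExecutablePath, CommandLine
}

Find-CoinMinerArtifact | Format-List
Find-CoinMinerProcess  | Format-List
```

An empty result only means these specific names were not found; the page notes that the folder list applies to some variants.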




Analysis by Mihai Calota

Last update 16 March 2012

 
