Trojan:Win32/Minxer
First posted on 05 December 2014.
Source: Microsoft
Aliases:
There are no other names known for Trojan:Win32/Minxer.
Explanation:
Threat behavior
Installation
This threat can arrive on your PC disguised as an application, such as a key-generator for popular programs and operating systems. We have seen this threat bundled with installers that use the following file names:
- Adobe.Dreamweaver.CS4.10.0.CS4.keygen.exe
- BarTender.9.01.keygen.exe
- Windows_7_Starter_keygen.exe
When run, it creates a dynamic-link library file (.dll) with the following file name:
- %TEMP%\mdi064.dll
It also creates %TEMP%\msupdate71 and installs a number of files into it, including:
- dwm.exe - detected as Trojan:Win64/Minxer
- indexer.exe
- libidn-11.dll
- libiconv-2.dll
- libcurl-4.dll
- msupdate.7z - archive containing all of the files in this folder
- zlib1.dll
Payload
Uses your PC for bitcoin mining
This threat launches the following bitcoin mining component:
- dwm.exe
This component uses your PC processing power to help generate bitcoins for a malicious hacker. It is launched by the .dll component and contacts a server at the following IP address:
- 54.200.248.75
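As an added example that is not part of Microsoft's write-up, the following PowerShell function checks a Windows host for the artifacts described above (the dropped DLL, the %TEMP%\msupdate71 staging folder and its files, a dwm.exe running from outside System32, and live connections to the listed address). The function name and output format are ours; every path, file name and IP address comes from this page.

```powershell
# Host check for the Trojan:Win32/Minxer indicators described on this page.
# Example code written for this page, not Microsoft's detection logic.
function Test-MinxerIndicators {
    $findings = @()
    $temp    = $env:TEMP
    $dropDir = Join-Path $temp 'msupdate71'

    # 1. The dropped loader DLL in %TEMP%.
    $dll = Join-Path $temp 'mdi064.dll'
    if (Test-Path -LiteralPath $dll) { $findings += "Loader DLL present: $dll" }

    # 2. The %TEMP%\msupdate71 staging folder and the files installed into it.
    if (Test-Path -LiteralPath $dropDir -PathType Container) {
        $findings += "Staging folder present: $dropDir"
        $dropped = 'dwm.exe','indexer.exe','libidn-11.dll','libiconv-2.dll',
                   'libcurl-4.dll','msupdate.7z','zlib1.dll'
        foreach ($name in $dropped) {
            $f = Join-Path $dropDir $name
            if (Test-Path -LiteralPath $f) { $findings += "Dropped file present: $f" }
        }
    }

    # 3. A running dwm.exe whose image is not the Windows Desktop Window Manager.
    #    The legitimate binary lives in %windir%\System32; the miner runs from %TEMP%.
    $sys32 = Join-Path $env:windir 'System32'
    foreach ($proc in (Get-Process -Name dwm -ErrorAction SilentlyContinue)) {
        $p = $proc.Path   # can be $null when the shell lacks rights to query the process
        if ($p -and -not $p.StartsWith($sys32, [System.StringComparison]::OrdinalIgnoreCase)) {
            $findings += "Suspicious dwm.exe (PID $($proc.Id)) running from: $p"
        }
    }

    # 4. Established TCP connections to the mining server address named in the analysis.
    #    Get-NetTCPConnection requires the NetTCPIP module (Windows 8 / Server 2012 and later).
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $conns = Get-NetTCPConnection -RemoteAddress '54.200.248.75' -ErrorAction SilentlyContinue
        foreach ($c in $conns) {
            $findings += "Connection to 54.200.248.75:$($c.RemotePort) from PID $($c.OwningProcess)"
        }
    }

    return $findings
}

$hits = Test-MinxerIndicators
if ($hits.Count -eq 0) { 'No Minxer indicators found.' } else { $hits }
```

Run it from an elevated PowerShell session so that process image paths and connection owners can be read for every process; a hit on items 3 or 4 alone warrants a full scan rather than just deleting the listed files.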
Analysis by Amir Fouda
Symptoms
The following can indicate that you have this threat on your PC:
- You have these files:
  - Adobe.Dreamweaver.CS4.10.0.CS4.keygen.exe
  - BarTender.9.01.keygen.exe
  - %TEMP%\mdi064.dll
  - %TEMP%\msupdate71
  - Windows_7_Starter_keygen.exe

Last update 05 December 2014