Trojan:Win64/SvcMiner.A
First posted on 19 February 2015.
Source: Microsoft
Aliases:
There are no other names known for Trojan:Win64/SvcMiner.A.
Explanation:
Threat behavior
Installation
This threat can use your PC to mine for bitcoins. It can be installed by third-party software bundlers, such as installers for software cracks and key generators. We have also seen this threat downloaded by the following malware:
- Ransom:Win32/Warik.A
- Trojan:Win32/Deminnix.gen!B
- Trojan:Win32/Maener.B
The bitcoin miner is usually installed with a legitimate process name. For example, we have seen it use the following file names:
- svchost.exe
- Win Defender.exe
- wuauclt.exe
The malware creates the following files on your PC:
- %SystemDrive%\winddk\tmp-1.bin
- %SystemDrive%\winddk\winddk.exe
Payload
Uses your PC to mine for bitcoins
This threat can use your PC to mine for bitcoins. This activity can make your PC run slower than usual.
We have seen the malware try to connect to the following server to update itself and download a configuration file:
- 82.146.54.187
The configuration file includes instructions for bitcoin-mining activities. It can also include instructions to perform a denial of service (DoS) attack.
The malware also connects to the following legitimate bitcoin-mining website:
- Minergate.com
Collects information about your PC
This threat can collect information about your PC and upload it to a remote server, including information about your:
- Antimalware product
- Firewall
- Video card
- Windows security settings
Additional information
Creates a mutex
This malware can create the mutex Raum-with-Me. This can be an infection marker to prevent more than one copy of the threat running on your PC.
Analysis by Meths Ferrer
Symptoms
The following can indicate that you have this threat on your PC:
- You have these files:
  - %SystemDrive%\winddk\tmp-1.bin
  - %SystemDrive%\winddk\winddk.exe
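The indicators in this entry (the two files under %SystemDrive%\winddk, the Raum-with-Me mutex, the legitimate-looking process names, and the update server) can be checked in one pass. The script below is an added example written for this page; it is not Microsoft's code or part of the encyclopedia entry. The function name `Find-SvcMinerIndicators` is made up for the example, and checking the mutex under both the bare name and a `Global\` prefix is an assumption, since the entry does not say which namespace the malware uses. The script only reads: it reports indicators and changes nothing.

```powershell
# Added example (not Microsoft's code): read-only hunt for the indicators listed
# in the Trojan:Win64/SvcMiner.A entry. Returns one object per indicator found.
function Find-SvcMinerIndicators {
    $findings = New-Object System.Collections.Generic.List[object]

    # 1. Files the entry says the malware creates under %SystemDrive%\winddk.
    $iocFiles = @(
        (Join-Path $env:SystemDrive 'winddk\tmp-1.bin'),
        (Join-Path $env:SystemDrive 'winddk\winddk.exe')
    )
    foreach ($f in $iocFiles) {
        if (Test-Path -LiteralPath $f -PathType Leaf) {
            $hash = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
            $findings.Add([pscustomobject]@{ Indicator = 'File'; Detail = "$f (SHA256 $hash)" })
        }
    }

    # 2. Infection-marker mutex. TryOpenExisting succeeds only if a mutex with that
    # name already exists; an access-denied error also proves it exists. The
    # 'Global\' variant is an assumption, not something the entry states.
    foreach ($name in @('Raum-with-Me', 'Global\Raum-with-Me')) {
        $m = $null
        try {
            if ([System.Threading.Mutex]::TryOpenExisting($name, [ref]$m)) {
                $m.Dispose()
                $findings.Add([pscustomobject]@{ Indicator = 'Mutex'; Detail = $name })
            }
        } catch [System.UnauthorizedAccessException] {
            $findings.Add([pscustomobject]@{ Indicator = 'Mutex'; Detail = "$name (exists, access denied)" })
        }
    }

    # 3. Process names the entry lists. svchost.exe and wuauclt.exe are genuine
    # Windows binaries, so only copies running from outside System32 are suspect;
    # 'Win Defender.exe' is not a Windows binary name and is flagged wherever it runs.
    $system32  = Join-Path $env:SystemRoot 'System32'
    $maskNames = @('svchost.exe', 'wuauclt.exe', 'Win Defender.exe')
    foreach ($p in Get-CimInstance Win32_Process) {
        $exe = $p.ExecutablePath
        if (-not $exe) { continue }          # protected processes expose no path
        $leaf = Split-Path -Leaf $exe
        if ($maskNames -notcontains $leaf) { continue }
        $inSystem32 = $exe.StartsWith($system32, [System.StringComparison]::OrdinalIgnoreCase)
        if (-not $inSystem32 -or $leaf -ieq 'Win Defender.exe') {
            $findings.Add([pscustomobject]@{
                Indicator = 'Process'
                Detail    = "PID $($p.ProcessId) $exe"
            })
        }
    }

    # 4. Live connection to the update/configuration server named in the entry.
    # Get-NetTCPConnection is absent on older Windows versions, so failure is tolerated.
    try {
        foreach ($c in Get-NetTCPConnection -RemoteAddress '82.146.54.187' -ErrorAction Stop) {
            $findings.Add([pscustomobject]@{
                Indicator = 'Network'
                Detail    = "PID $($c.OwningProcess) -> $($c.RemoteAddress):$($c.RemotePort) ($($c.State))"
            })
        }
    } catch { }

    return $findings
}

# Usage: print the table and signal the result through the exit code.
$hits = Find-SvcMinerIndicators
if ($hits.Count -gt 0) {
    $hits | Format-Table -AutoSize
    exit 1
} else {
    Write-Output 'No Trojan:Win64/SvcMiner.A indicators found.'
    exit 0
}
```

A file hit is the strongest signal here, since the winddk directory is not created by Windows itself; a mutex or process hit alone should be confirmed against the file paths before acting on it, because other software can legitimately run a renamed binary from a user directory.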
Last update 19 February 2015