Program:Win32/CoinMiner.A
First posted on 23 August 2011.
Source: SecurityHome
Aliases :
Program:Win32/CoinMiner.A is also known as Win-AppCare/Hacktool.786432 (AhnLab), W32/BitCoinMiner.D (Norman), RiskTool.BitCoinMiner!jxSff9Qdimk (VirusBuster), Win32/BitCoinMiner application (ESET), not-a-virus:RiskTool.Win32.BitCoinMiner (Ikarus), not-a-virus:RiskTool.Win32.BitCoinMiner.ac (Kaspersky), Bitcoin Miner (Sophos).
Explanation :
Program:Win32/CoinMiner.A is a free mining client for Windows that generates new digital coins in the BitCoin decentralized economy by performing highly complex computations. To generate these coins, Program:Win32/CoinMiner.A uses the computer's CPU resources intensively.
Most of the time, it is bundled with Trojan:BAT/CoinMiner.A or other automation tools that control its behavior and performance. It may be running on a computer without the user's consent if it was dropped by other malware, such as Trojan:Win32/Comine.A.
Installation
Program:Win32/CoinMiner.A is bundled in packages together with Trojan:BAT/CoinMiner.A, which controls its behavior and performance on the computer.
The installation package usually drops the following files:
- %TEMP%\<random folder>\hstart.exe - a tool used to start a program in a hidden manner
- %TEMP%\<random folder>\mamatije.exe - detected as Program:Win32/CoinMiner.A
- %TEMP%\<random folder>\abudale.cmd - detected as Trojan:BAT/CoinMiner.A
or:
- %TEMP%\<random folder>\hsbc.exe - a tool used to start a program in a hidden manner
- %TEMP%\<random folder>\mamatije.exe - detected as Program:Win32/CoinMiner.A
- %TEMP%\<random folder>\hakonamatata.cmd - detected as Trojan:BAT/CoinMiner.A
Execution
Program:Win32/CoinMiner.A's command-line interface may appear similar to the following:
Analysis by Zarestel Ferrer
Last update 23 August 2011
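The two package layouts listed under Installation can be checked for on a host with a short script. The following is an added example, not part of the original analysis: it inspects the direct subfolders of the temporary directory and reports any that hold two or more co-located file names from one layout. The function name `find_package_folders` and the two-name threshold are assumptions made for this example.

```python
import os
import tempfile

# File-name sets taken from the two package layouts listed under Installation.
PACKAGE_LAYOUTS = {
    "layout 1": {"hstart.exe", "mamatije.exe", "abudale.cmd"},
    "layout 2": {"hsbc.exe", "mamatije.exe", "hakonamatata.cmd"},
}


def find_package_folders(temp_root=None):
    """Scan direct subfolders of temp_root (default: the current user's temp dir).

    Returns a list of (folder, layout, matched_names, complete) tuples, where
    complete is True when every file of that layout is present.
    """
    temp_root = temp_root or tempfile.gettempdir()
    findings = []
    try:
        entries = sorted(os.scandir(temp_root), key=lambda e: e.name)
    except OSError:
        return findings  # temp directory missing or unreadable
    for entry in entries:
        if not entry.is_dir(follow_symlinks=False):
            continue
        try:
            # Windows file names are case-insensitive, so compare in lower case.
            names = {f.name.lower() for f in os.scandir(entry.path)
                     if f.is_file(follow_symlinks=False)}
        except OSError:
            continue  # folder vanished or access denied
        for layout, expected in PACKAGE_LAYOUTS.items():
            matched = expected & names
            # mamatije.exe is shared by both layouts, so a single name is weak
            # evidence; require at least two names from the same layout
            # (threshold is an assumption of this example).
            if len(matched) >= 2:
                findings.append(
                    (entry.path, layout, sorted(matched), matched == expected))
    return findings


if __name__ == "__main__":
    for path, layout, matched, complete in find_package_folders():
        status = "complete" if complete else "partial"
        print(f"{path}: {layout} ({status}): {', '.join(matched)}")
```

File names are the easiest part of a package to change, so an empty result does not rule out the miner; treat a hit as a pointer to a folder worth scanning with an up-to-date antimalware engine.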