Trojan:BAT/MineBicoin.B
First posted on 23 June 2012.
Source: Microsoft
Aliases :
Trojan:BAT/MineBicoin.B is also known as BAT/Miner.A (Command), BAT/Miner.BA (AVG), Trojan.BAT.Miner.i (Kaspersky), W32/Miner.A (Norman), BAT_MINER.LEX (Trend Micro), Bitcoin Miner (Sophos), W32/Miner.A.dropper (Norman).
Explanation :
Trojan:BAT/MineBicoin.B is a batch script that runs another program, which in turn mines Bitcoins, a decentralized digital currency.
Installation
This batch file is included in a self-extracting RAR file, which also contains a standard Bitcoin mining program, and another program used to hide windows.
When extracted, the RAR file launches the window-hiding program, which in turn launches the batch file detected as Trojan:BAT/MineBicoin.B. The batch file then launches the Bitcoin mining program, which usually runs without your knowledge.
The batch file may have any of the following file names:
- yz.bat
- gtest.cmd
The Bitcoin mining program, detected as Program:Win32/CoinMiner, may have any of the following file names:
- mamita.exe
- svchoost.exe
- cgminer.exe
The window-hiding program may have any of the following file names:
- hid.exe
- hsbc.exe
- hsbca.exe
Payload
Runs a program without consent
During execution, the dropper runs the window-hiding program, which runs MineBicoin.B, which in turn runs the mining program. Any Bitcoins mined on your computer are recorded on the server "b.mobinil.biz:8332".
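The launch order described above (window-hiding program, then batch file, then miner) can be checked in process-creation telemetry. The following is an added detection sketch, not part of the original analysis: it uses only the file names listed on this page, while the event layout (pid, ppid, image, cmd), the paths and the sample events are constructed assumptions.

```python
import ntpath
import re

# File names listed on this page, lower-cased for comparison.
HIDERS = {"hid.exe", "hsbc.exe", "hsbca.exe"}
BATCHES = {"yz.bat", "gtest.cmd"}
MINERS = {"mamita.exe", "svchoost.exe", "cgminer.exe"}

# Constructed process-creation events (not real telemetry; paths are made up).
T = r"C:\Users\u\AppData\Local\Temp\x"
EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": T + r"\hid.exe", "cmd": "hid.exe"},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": 'cmd.exe /c "' + T + r'\yz.bat"'},
    {"pid": 220, "ppid": 210, "image": T + r"\mamita.exe", "cmd": "mamita.exe"},
    # Name match only: a miner binary started directly from the shell.
    {"pid": 300, "ppid": 100, "image": r"C:\Tools\cgminer.exe", "cmd": "cgminer.exe"},
]

def role(ev):
    """Return 'hider', 'miner', 'batch' or None for one event."""
    name = ntpath.basename(ev["image"]).lower()
    if name in HIDERS:
        return "hider"
    if name in MINERS:
        return "miner"
    # Batch files run inside cmd.exe, so look for the script name among the arguments.
    args = {ntpath.basename(t) for t in re.split(r'[\s"]+', ev["cmd"].lower())}
    return "batch" if args & BATCHES else None

def classify(events):
    """Label each miner process 'full-chain' (hider -> batch -> miner) or 'name-only'."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for ev in events:
        if role(ev) != "miner":
            continue
        roles, seen, cur = [], set(), by_pid.get(ev["ppid"])
        while cur and cur["pid"] not in seen:  # walk up the parent chain
            seen.add(cur["pid"])
            if role(cur):
                roles.append(role(cur))
            cur = by_pid.get(cur["ppid"])
        label = "full-chain" if roles[:2] == ["batch", "hider"] else "name-only"
        findings.append((ev["pid"], label))
    return findings

if __name__ == "__main__":
    print(classify(EVENTS))
```

A "name-only" result deserves a lower priority than "full-chain", since cgminer.exe is also the name of a standard mining program that a user may run deliberately.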
Analysis by Chris Stubbs
Last update 23 June 2012