Win32/CoinMiner [Threat Name]

Win32/CoinMiner.CT [Threat Variant Name]

Category: trojan
Size: 244317 B
Detection created: May 06, 2013
Detection database version: 10095
Aliases: Trojan:Win32/Vicenor.gen!B (Microsoft)
  Bitcoinminer (Symantec)
  Application.Bitcoinminer.BC (BitDefender)

Short description

Win32/CoinMiner.CT is a trojan that uses the hardware resources of the infected computer for mining the Bitcoin digital currency. The file is run-time compressed using RLPack.

Installation

When executed, the trojan copies itself into the following location:

  • %temp%\minerd.exe

The trojan creates the following files:

  • %temp%\libcurl-4.dll (302592 B)
  • %temp%\pthreadGC2.dll (72206 B)

Other information

The trojan uses the hardware resources of the infected computer for mining the Bitcoin digital currency.


The trojan launches the following processes:

  • minerd.exe -a scrypt  -s 20 --no-longpoll -q -o www.o%removed%:443 -u a%removed% -p -x

The trojan creates and runs a new thread with its own code within these running processes.


The trojan may set the following Registry entries:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "WINSXS32" = "%malwarefilepath%"

This causes the trojan to be executed on every system start.
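The indicators listed above (files dropped in %temp%, the minerd.exe command line, and the WINSXS32 Run value) can be checked against host telemetry as follows. This is an added example, not part of the original description or any vendor tooling; the record layout, field names, sample records and the pool.example host are assumptions constructed for illustration. Because minerd.exe, libcurl-4.dll and pthreadGC2.dll are also names used by legitimate software, the check keys on location and size rather than name alone.

```python
import re
from pathlib import PureWindowsPath

# Indicators from the description above; sizes in bytes (None = size not listed).
DROPPED_FILES = {"minerd.exe": None, "libcurl-4.dll": 302592, "pthreadgc2.dll": 72206}
RUN_KEY = r"software\microsoft\windows\currentversion\run"
RUN_VALUE = "winsxs32"
MINER_ARGS = re.compile(r"(?:^|\s)-a\s+scrypt(?=\s|$)", re.I)

def in_temp(path):
    """Heuristic for %temp%: the file sits directly in a directory named Temp/Tmp."""
    return PureWindowsPath(path).parent.name.lower() in ("temp", "tmp")

def match_event(ev):
    """Return a finding string for one telemetry record, or None."""
    kind = ev["type"]
    if kind == "file":
        name = PureWindowsPath(ev["path"]).name.lower()
        if name in DROPPED_FILES and in_temp(ev["path"]):
            want = DROPPED_FILES[name]
            if want is None or ev.get("size") == want:
                return f"dropped file {name} in Temp"
    elif kind == "process":
        image = PureWindowsPath(ev["image"]).name.lower()
        if image == "minerd.exe" and MINER_ARGS.search(ev["cmdline"]):
            return "minerd.exe started with scrypt mining arguments"
    elif kind == "registry":
        if ev["key"].lower().endswith(RUN_KEY) and ev["value"].lower() == RUN_VALUE:
            return f"Run value WINSXS32 -> {ev['data']}"
    return None

def triage(events):
    """Collect findings; several distinct findings on one host outweigh a single one."""
    return [f for f in map(match_event, events) if f]

RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
TMP = r"C:\Users\bob\AppData\Local\Temp"
SAMPLE = [  # constructed records, not real telemetry
    {"type": "file", "path": TMP + r"\libcurl-4.dll", "size": 302592},
    {"type": "file", "path": r"C:\Program Files\Git\bin\libcurl-4.dll", "size": 302592},
    {"type": "process", "image": TMP + r"\minerd.exe",
     "cmdline": "minerd.exe -a scrypt -s 20 --no-longpoll -q -o pool.example:443 -u user -p -x"},
    {"type": "registry", "key": RUN, "value": "WINSXS32", "data": TMP + r"\minerd.exe"},
    {"type": "registry", "key": RUN, "value": "Updater", "data": r"C:\Tools\updater.exe"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```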
