Win32/CoinMiner [Threat Name] go to Threat

Win32/CoinMiner.H [Threat Variant Name]

Category trojan
Size 363393 B
Detection created Oct 18, 2011
Detection database version 6553
Aliases Trojan.Win32.Buzus.lasi (Kaspersky)
  PWS-Zbot.gen.sv.trojan (McAfee)
  Worm:Win32/Dorkbot.A (Microsoft)
Short description

Win32/CoinMiner.H is a trojan that uses the hardware resources of the infected computer for mining the Bitcoin digital currency. The file is run-time compressed using RAR SFX .

Installation

When executed, the trojan creates the following files:

  • %userprofile%\­Start Menu\­Programs\­Startup\­x11.exe (303599 B, Win32/CoinMiner.H)

The file is then executed.


This way the trojan ensures that the file is executed on every system start.


The trojan creates and runs a new thread with its own program code within the following processes:

  • x11.exe
Other information

The trojan uses the hardware resources of the infected computer for mining the Bitcoin digital currency.


The trojan terminates its execution if it detects that it's running in a specific virtual environment.

Please enable Javascript to ensure correct displaying of this content and refresh this page.