Win32/CoinMiner [Threat Name]

Win32/CoinMiner.YS [Threat Variant Name]

Category: trojan
Size: 1457664 B
Detection created: Sep 23, 2015
Detection database version: 12297
Aliases: Trojan.Win32.Agentb.iaed (Kaspersky), Trojan.BtcMine.789 (Dr.Web)

Short description

Win32/CoinMiner.YS is a trojan that uses the hardware resources of the infected computer for mining the Darkcoin digital currency.

Installation

The trojan does not create any copies of itself.


The trojan is usually a part of other malware.


The trojan creates the following files:

  • %temp%\msupdate71\msupdate.7z (1315627 B)
  • %temp%\msupdate71\libcurl-4.dl1 (523635 B)
  • %temp%\msupdate71\libiconv-2.dl1 (949763 B)
  • %temp%\msupdate71\libidn-11.dl1 (211196 B)
  • %temp%\msupdate71\libintl-8.dl1 (114753 B)
  • %temp%\msupdate71\libwinpthread-1.dl1 (305490 B)
  • %temp%\msupdate71\zlib1.dl1 (116224 B)
  • %temp%\msupdate71\dwm.exe (913920 B, Win64/BitCoinMiner.U)
  • %temp%\msupdate71\msvcrt.dll (519680 B)
  • %temp%\msupdate71\proxy.conf (153 B)

Other information


The trojan is active only after the user has been idle for a certain amount of time.


The trojan performs no action if it detects a running process containing one of the following strings in its name:

  • taskmgr.exe
  • procexp.exe

The trojan executes the following files:

  • %temp%\msupdate71\dwm.exe (913920 B, Win64/BitCoinMiner.U)
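
A triage sketch for the indicators listed above, added here as an example and not part of the original description: it checks a host's file and process inventory for the msupdate71 drop directory, the listed file names and sizes, and a dwm.exe image running outside System32, where the legitimate Desktop Window Manager lives. The inventory format, function names and sample records are assumptions constructed for illustration.

```python
import ntpath

# File names and sizes (bytes) exactly as listed in this description.
DROPPED = {
    "msupdate.7z": 1315627, "libcurl-4.dl1": 523635,
    "libiconv-2.dl1": 949763, "libidn-11.dl1": 211196,
    "libintl-8.dl1": 114753, "libwinpthread-1.dl1": 305490,
    "zlib1.dl1": 116224, "dwm.exe": 913920,
    "msvcrt.dll": 519680, "proxy.conf": 153,
}
DROP_DIR = "msupdate71"

def split_path(path):
    """Normalise a Windows path; return (lower-cased dir components, file name)."""
    parts = ntpath.normpath(path).lower().split("\\")
    return parts[:-1], parts[-1]

def match_file(path, size):
    """'exact' = name and size match the list, 'name' = name only, None = no match."""
    dirs, name = split_path(path)
    if not dirs or dirs[-1] != DROP_DIR or name not in DROPPED:
        return None
    return "exact" if DROPPED[name] == size else "name"

def match_process(image_path):
    """Classify a process image named dwm.exe by the directory it runs from."""
    dirs, name = split_path(image_path)
    if name != "dwm.exe":
        return None
    if dirs and dirs[-1] == DROP_DIR:
        return "dropper-dir"
    # Assumption: any ...\windows\system32 parent is treated as the genuine location.
    return None if dirs[-2:] == ["windows", "system32"] else "unexpected-location"

def triage(files, processes):
    """Return sorted (verdict, path) findings for one host's inventory."""
    hits = [(m, p) for p, s in files if (m := match_file(p, s))]
    hits += [(m, p) for p in processes if (m := match_process(p))]
    return sorted(hits)

# Constructed sample inventory (not real telemetry).
SAMPLE_FILES = [
    (r"C:\Users\alice\AppData\Local\Temp\msupdate71\dwm.exe", 913920),
    (r"C:\Users\alice\AppData\Local\Temp\MSUPDATE71\proxy.conf", 200),
    (r"C:\Windows\System32\msvcrt.dll", 519680),
]
SAMPLE_PROCS = [r"C:\Windows\System32\dwm.exe",
                r"C:\Users\alice\AppData\Local\Temp\msupdate71\dwm.exe"]
```

A "name" verdict (right name and directory, different size) is worth a look rather than a dismissal, since sizes can differ between builds of the dropper.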
