Threat name | MSIL/CoinMiner |
Threat variant name | MSIL/CoinMiner.AV |
Category | trojan |
Size | 20480 B |
Aliases | Trojan.Win32.Agent.xqos (Kaspersky) |
 | Win32:BitCoinMiner-CM (Avast) |
 | TR/Agent.xqos (Avira) |
Short description
MSIL/CoinMiner.AV is a trojan that uses the hardware resources of the infected computer for mining the Bitcoin digital currency.
Installation
The trojan does not create any copies of itself.
The trojan is probably a part of other malware.
In order to be executed on every system start, the trojan sets the following Registry entry:
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Windows Update" = "%malwarefilepath%"
The trojan creates the following files:
- %currentfolder%\KB2656351_10.0.30301\taskmgn.exe
The file(s) may have the System (S) and Hidden (H) attributes set in an attempt to hide them in Windows Explorer.
Other information
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a URL address. The HTTP protocol is used in the communication.
The trojan uses the hardware resources of the infected computer for mining the Bitcoin digital currency.
The trojan runs the following process:
- %currentfolder%\KB2656351_10.0.30301\taskmgn.exe -o http://%randomipaddress%:%randomport% -u %variable%
A string with variable content is used instead of %variable%.
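The indicators listed above (the per-user Run value, the dropped file path and the miner command line) can be combined into one triage check. The following is an added example, not part of the original description; the record layout, function names and sample records are constructed for illustration, and 192.0.2.10 is a documentation address.

```python
import re

# Indicators taken from the description above (compared case-insensitively).
RUN_KEY = r"software\microsoft\windows\currentversion\run"
RUN_VALUE = "windows update"
DROP_SUFFIX = r"\kb2656351_10.0.30301\taskmgn.exe"
# Command-line shape: -o http://<ip>:<port> -u <string>
MINER_ARGS = re.compile(
    r"-o\s+http://(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s+-u\s+\S+", re.I)

def check_autorun(entry):
    """Flag a value named "Windows Update" under the per-user Run key."""
    key = entry["key"].lower().rstrip("\\")
    per_user = key.startswith(("hkey_current_user\\", "hkcu\\"))
    return (per_user and key.endswith(RUN_KEY)
            and entry["value"].strip().lower() == RUN_VALUE)

def check_process(proc):
    """Return the list of indicators a process record matches."""
    hits = []
    if proc["image"].lower().endswith(DROP_SUFFIX):
        hits.append("dropped-file-path")
    m = MINER_ARGS.search(proc["cmdline"])
    # Reject strings that only look like an IP address or port.
    if (m and all(int(o) <= 255 for o in m.group(1).split("."))
            and 0 < int(m.group(2)) <= 65535):
        hits.append("miner-arguments")
    return hits

def triage(autoruns, processes):
    """Collect (source, path, indicators) tuples for analyst review."""
    report = [("autorun", e["data"], ["run-value"])
              for e in autoruns if check_autorun(e)]
    for p in processes:
        hits = check_process(p)
        if hits:
            report.append(("process", p["image"], hits))
    return report

# Constructed sample records (hypothetical host data, not from the page).
RUN = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_AUTORUNS = [
    {"key": RUN, "value": "Windows Update", "data": r"C:\Users\a\svc.exe"},
    {"key": RUN, "value": "OneDrive", "data": r"C:\Users\a\OneDrive.exe"},
]
SAMPLE_PROCESSES = [
    {"image": r"C:\Users\a\KB2656351_10.0.30301\taskmgn.exe",
     "cmdline": "taskmgn.exe -o http://192.0.2.10:8332 -u w1"},
    {"image": r"C:\Windows\System32\taskmgr.exe", "cmdline": "taskmgr.exe /4"},
]
```

A match on the Run value alone is a candidate for review rather than a verdict; the file path and command-line matches together are the stronger signal.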