MINERD.EXE – Trojan CoinMiner

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

MINERD.EXE – Trojan CoinMiner removal

FileMD5Virus Alias
MINERD.EXE edc4493c070bdabb0f6733a9c7f2f7a3 Trojan CoinMiner
MINERD.EXE edc4493c070bdabb0f6733a9c7f2f7a3 Trojan BitMiner
MINERD.EXE edc4493c070bdabb0f6733a9c7f2f7a3 Trojan Bitcoin
MINERD.EXE edc4493c070bdabb0f6733a9c7f2f7a3 Trojan SuspiciousFile
MINERD.EXE edc4493c070bdabb0f6733a9c7f2f7a3 Trojan Artemis
MINERD.EXE edc4493c070bdabb0f6733a9c7f2f7a3 Trojan Agent

MINERD.EXE size: 473565 bytes
MINERD.EXE hash: EDC4493C070BDABB0F6733A9C7F2F7A3

Created files:

%Local AppData%\FlashContainer\bin\bfg32\backtrace.dll
%Local AppData%\FlashContainer\bin\bfg32\bfgminer-rpc.exe
%Local AppData%\FlashContainer\bin\bfg32\bfgminer.exe
%Local AppData%\FlashContainer\bin\bfg32\libblkmaker-0.1-0.dll
%Local AppData%\FlashContainer\bin\bfg32\libblkmaker_jansson-0.1-0.dll
%Local AppData%\FlashContainer\bin\bfg32\libcurl-4.dll
%Local AppData%\FlashContainer\bin\bfg32\libjansson-4.dll
%Local AppData%\FlashContainer\bin\bfg32\libusb-1.0.dll
%Local AppData%\FlashContainer\bin\bfg32\pdcurses.dll
%Local AppData%\FlashContainer\bin\bfg32\pthreadGC2.dll
%Local AppData%\FlashContainer\bin\bfg32\scrypt130511.cl
%Local AppData%\FlashContainer\bin\bfg32\zlib1.dll
%Local AppData%\FlashContainer\bin\bfg64\backtrace.dll
%Local AppData%\FlashContainer\bin\bfg64\bfgminer-rpc.exe
%Local AppData%\FlashContainer\bin\bfg64\bfgminer.exe
%Local AppData%\FlashContainer\bin\bfg64\libblkmaker-0.1-0.dll
%Local AppData%\FlashContainer\bin\bfg64\libblkmaker_jansson-0.1-0.dll
%Local AppData%\FlashContainer\bin\bfg64\libcurl-4.dll
%Local AppData%\FlashContainer\bin\bfg64\libjansson-4.dll
%Local AppData%\FlashContainer\bin\bfg64\libusb-1.0.dll
%Local AppData%\FlashContainer\bin\bfg64\pdcurses.dll
%Local AppData%\FlashContainer\bin\bfg64\pthreadGC2.dll
%Local AppData%\FlashContainer\bin\bfg64\scrypt130511.cl
%Local AppData%\FlashContainer\bin\bfg64\zlib1.dll
%Local AppData%\FlashContainer\bin\miderd\libcurl-4.dll
%Local AppData%\FlashContainer\bin\miderd\minerd.exe
%Local AppData%\FlashContainer\bin\miderd\pthreadGC2.dll
%Local AppData%\FlashContainer\bin\miderd\zlib1.dll
%Local AppData%\FlashContainer\dll\hookdll.dll
%Local AppData%\FlashContainer\dll\hookdll64.dll
%Local AppData%\FlashContainer\rundll32.exe
%Local AppData%\FlashContainer\taskhost.exe

Autostart registry keys:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Host Process: “%WinDir%\System32\config\Systemprofile\Local Settings\Application Data\FlashContainer\rundll32.exe”

Detected by UnHackMe:

MINERD.EXE
Default location: %LOCAL APPDATA%\FLASHCONTAINER\BIN\MIDERD\MINERD.EXE

Dropper information:
MD5: 91c3f1af251700059b0ce11a6637d34e
File size: 2303488 bytes

Leave a Reply