How to remove $RFMTH8W.exe

$RFMTH8W.exe

The module $RFMTH8W.exe has been detected as Trojan.CoinMiner

$RFMTH8W.exe
Remove $RFMTH8W.exe

File Details

Product Name:

XMRig
Company Name:

www.xmrig.com
MD5: 30843cdd1e1eb312d1cce94c3c826c88
Size: 1 MB
First Published: 2018-10-18 03:12:09 (5 years ago)
Latest Published: 2022-03-10 23:53:34 (2 years ago)
Status: Trojan.CoinMiner (on last analysis)
Analysis Date: 2022-03-10 23:53:34 (2 years ago)

Common Places:

%appdata%
%appdata%\adobe\x86v8
%sysdrive%\$recycle.bin
%system%\config\systemprofile\appdata\roaming
%sysdrive%\$recycle.bin\s-1-5-21-745511899-3870050724-1201370372-1000
%sysdrive%\$recycle.bin\s-1-5-21-655610334-2854561502-1213683250-1000
%sysdrive%
%appdata%
%appdata%
%appdata%

File Names:

NsCpuCNMiner32.exe
dether.exe
$RNHCZZJ.exe
$RFMTH8W.exe

Geography:

29.1%
6.6%
5.9%
5.4%
5.2%
5.2%
4.5%
4.3%
3.8%
2.8%
2.8%
2.8%
2.6%
2.6%
2.1%
1.4%
1.4%
1.2%
1.2%
0.9%
0.9%
0.7%
0.7%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%

OS Version:

Windows 7 67.1%
Windows Server 2008 R2 12.4%
Windows 10 7.9%
Windows Server 2012 R2 6.2%
Windows Vista 2.8%
Windows Server 2012 1.7%
Windows 8.1 1.7%
Windows 8 0.3%

Analysis

Subsystem: Windows CUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x00001500

PE Sections:

Name Size of data MD5
.text 1226240 0cbe6e4648bdff3055fbadd5092287ec
.data 2048 b30c61845b2c0c6adbb30d656345a43c
.rdata 82944 e4d2fcff1abaf149ceb59b643396a9f8
.eh_fram 145920 ae6cbfff48fa5965a90c5a45a6843d6e
.bss 0 00000000000000000000000000000000
.edata 1536 40052207829683fa93ebe1c4dde6acc2
.idata 9216 112ca0285799d6cb8afbca02928cf25c
.CRT 512 efb45552e31f267cbf06aa19d9566084
.tls 512 c61851aab890bbf876037a151530fc27
.rsrc 23808 113e2e8b7aa8220cbc61be8bbf1f2a8b
.reloc 28160 db57264f0799c55c3bcb93a0c88e7810

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for $RFMTH8W.exe
copyright for information about $RFMTH8W.exe