How to remove $RYV1388.exe

» File
File Details
Overview
Analysis

$RYV1388.exe

The module $RYV1388.exe has been detected as Risk.CoinMiner

$RYV1388.exe

Remove $RYV1388.exe

File Details

Main Info:

MD5:	e370174787b25aa870e04908737a6dba
Size:	689 KB
First Published:	2017-11-26 22:08:35 (6 years ago)
Latest Published:	2021-11-30 21:20:08 (2 years ago)

Analysis:

Status:	Risk.CoinMiner (on last analysis)
Analysis Date:	2021-11-30 21:20:08 (2 years ago)

Common Places:

%appdata%\mnaxz

%appdata%\ming

%appdata%

%sysdrive%\$recycle.bin

%sysdrive%\windows.old\users\cj\appdata\roaming

%sysdrive%\$windows.~tmp\backup\user\user\appdata\roaming

%sysdrive%\o9hycd8li1pn7dj\backup set 2017-12-17 192809\backup files 2017-12-31 190002\backup files 17.zip\c\users\administrator\appdata\roaming

%appdata%

%appdata%

%appdata%

File Names:

msvc.exe

$R8K1GWQ.exe

$RYV1388.exe

Geography:

	54.0%
	11.2%
	7.9%
	3.6%
	2.8%
	2.5%
	2.2%
	1.8%
	1.4%
	1.2%
	1.1%
	1.0%
	1.0%
	1.0%
	0.8%
	0.8%
	0.7%
	0.7%
	0.6%
	0.4%
	0.4%
	0.3%
	0.3%
	0.3%
	0.3%
	0.3%
	0.3%
	0.3%
	0.3%
	0.3%
	0.1%
	0.1%
	0.1%

OS Version:

Windows 7	61.1%
Windows 10	33.1%
Windows 8.1	4.9%
Windows 8	0.8%

Analysis

PE Info:

Subsystem:	Windows GUI
PE Type:	pe
OS Bitness:	64
Image Base:	0x0000000000400000
Entry Address:	0x000014e0

PE Sections:

Name	Size of data	MD5
.text	581120	4d95148ba3bef5c9be69bbbb4a6af566
.data	1536	16c2cb66241c0d80fc11747c99d60ec1
.rdata	67072	368194ab6175b264651219589111a6f6
.pdata	21504	e68bd2f0d7ae0752260892a5a74a1cd0
.xdata	19456	3e2c146b2da8a9fdfeb766df43347f89
.bss	0	00000000000000000000000000000000
.idata	11776	43459538a203b65b634dbbc6a9a06b52
.CRT	512	dcea0b6c01f9fd64f2aeccf9d396e80a
.tls	512	4ef93367339f74ca704c65f026b1cb99
.rsrc	1536	b2941552c42f4b2461c76a615964ec65

More information:

Search on Virustotal

Download GridinSoft Anti-Malware - Removal tool for $RYV1388.exe

copyright for information about $RYV1388.exe