How to remove 64[1].zip

64[1].zip

The module 64[1].zip has been detected as Trojan.CoinMiner

64[1].zip
Remove 64[1].zip

File Details

MD5: 010a7fa751f4a64c989eacabf58c8fbf
Size: 528 KB
First Published: 2017-07-25 14:21:00 (7 years ago)
Latest Published: 2018-06-21 12:03:26 (6 years ago)
Status: Trojan.CoinMiner (on last analysis)
Analysis Date: 2018-06-21 12:03:26 (6 years ago)

Overview

Signed By: 陈鑫
Status: Valid

Common Places:

%windir%\debug
%system%\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\o4jrh9o6
%system%\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\00337mj9
%system%\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\yp2510tz
%system%\config\systemprofile\configuración local\archivos temporales de internet\content.ie5\1mqb0216
%system%\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5
%profile%\efault user\local settings\temporary internet files\content.ie5

File Names:

lsmose.exe
64[1].zip

Geography:

28.6%
28.6%
14.3%
14.3%
14.3%

OS Version:

Windows 7 71.4%
Windows XP 14.3%
Windows Server 2003 14.3%

Analysis

Subsystem: Windows CUI
PE Type: pe
OS Bitness: 64
Image Base: 0x0000000140000000
Entry Address: 0x0001fb64

PE Sections:

Name Size of data MD5
.text 359936 44d097513901f3364a444c9e47c34af7
.rdata 129536 f476411fc8f2e9cdb3df13dacb5a0086
.data 9728 c6f3bde0a34d83c248d677d63c9da814
.pdata 20992 e948ebd1b06d56a9e88b40fba205f282
.tls 512 1f354d76203061bfdd5a53dae48d5435
.gfids 2560 2395cba5f2d344d7e231556fea8feff6
.rsrc 512 455df74e1aa2c80a98a890d2aaba8cea
.reloc 3584 26eb2fa87fb9b2ef58930e0035527e7c

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for 64[1].zip
copyright for information about 64[1].zip