How to remove Booking.com.exe.vir

Booking.com.exe.vir

The module Booking.com.exe.vir has been detected as Trojan.CoinMiner

Product Name: Booking.com
Company Name: Booking.com

MD5: ab30b9c440d8ec04ac23150ececc4e00
Size: 594 KB
First Published: 2017-08-02 14:06:55 (7 years ago)
Latest Published: 2024-05-24 23:01:14 (a year ago)
Status: Trojan.CoinMiner (on last analysis)
Analysis Date: 2024-05-24 23:01:14 (a year ago)
Windows 7 48.7%
Windows 10 38.1%
Windows 8.1 11.3%
Windows 8 1.9%
Subsystem: Windows GUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x00041a5b

PE Sections:

Name    Size of data  MD5
.text   347648        4ff8eac6afb701848e96f3748c32373f
.rdata  50176         6782f5dd1dd3123086fac4841cef5269
.data   7168          9c1211b8c35ba7feb004bdec5a993f99
.rsrc   185344        87f939c9f17e9b1f2707ab757494a3e4
.reloc  16896         f88b65935d554f53d8f2ee6f083dbb91

More information:

Download GridinSoft Anti-Malware - Removal tool for Booking.com.exe.vir