GridinSoft Threat Intelligence

1bff201d.exe.vir threat report

Detected as Trojan.CoinMiner
File reputation report
MD5 b06e67f9767e5023892d9698703ad098
Latest seen 2026-04-25 23:01:36 (a month ago)
First seen 2017-05-21 10:03:04 (9 years ago)
Size 915 KB
Publisher AutoIt Team

GridinSoft Anti-Malware detection

Detected by GridinSoft before you download

The current ThreatInfo record shows this exact file hash detected as Trojan.CoinMiner. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.

Detection name: Trojan.CoinMiner
Recommended action: Scan and remove
Last analysis: 2026-04-25 23:01:36 (a month ago)
File hash: b06e67f9767e5023892d9698703ad098

Why it matters

Why GridinSoft flags this file

Detection

GridinSoft identifies the sample as Trojan.CoinMiner, part of the Trojan threat category.

Category context

Malware disguised as legitimate software or delivered through deceptive packaging. Related Trojan reports help compare this file with nearby detections, publishers, and hashes.

Timeline

First seen 2017-05-21 10:03:04 (9 years ago); latest analysis 2026-04-25 23:01:36 (a month ago).

Publisher context

Company metadata: AutoIt Team. Product metadata: AutoIt v3 Script.

Digital signature

Signed by AutoIt Consulting Ltd. The signature is reported as valid, but signed files can still be bundled or abused.

Aliases

This hash has appeared under multiple file names, which can happen with repackaging, bundling, or deliberate renaming.

Observed locations

ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.

Recommended action

What to do next

  1. Compare the MD5 above with the file found on the device.
  2. Check whether the file appears in the observed locations or under one of the alternate names.
  3. Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present. Review the Trojan category for related samples and common context.

1bff201d.exe.vir is a Windows file recorded in the ThreatInfo database. It is associated with AutoIt v3 Script. The reported company name is AutoIt Team. The current detection status is Trojan.CoinMiner, based on the latest analysis from 2026-04-25 23:01:36 (a month ago). ThreatInfo groups this verdict with Trojan reports for broader family-level investigation.

If 1bff201d.exe.vir appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as Trojan.CoinMiner.

Product Name: AutoIt v3 Script
Company Name: AutoIt Team
MD5: b06e67f9767e5023892d9698703ad098
Size: 915 KB
First Published: 2017-05-21 10:03:04 (9 years ago)
Latest Published: 2026-04-25 23:01:36 (a month ago)
Status: Trojan.CoinMiner (on last analysis)
Analysis Date: 2026-04-25 23:01:36 (a month ago)
1bff201d.exe.vir detection screenshot

The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.

Signed By: AutoIt Consulting Ltd
Status: Valid

The signature on 1bff201d.exe.vir is reported as valid. A valid signature helps confirm publisher identity, but it does not automatically make the file safe if the installer was bundled, abused, or downloaded from an untrusted source.

%sysdrive%\winddowsupdater
%appdata%
%profile%\mdefrr0nflnxo6mo
%profile%\vcl193vbjqbstcnr
%profile%\ala\application data
%profile%\phyh20aghlykfgzb
%profile%\0jx2jcaw2rmxvnpr
%sysdrive%\newcpuspeed
%profile%\y1c4ojm4ss7q1cyd
%profile%\bswl

ThreatInfo has observed 1bff201d.exe.vir in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.


This hash has been seen with multiple file names. Alternate names can appear when software is updated, copied between folders, packed by an installer, or deliberately renamed to avoid recognition. Compare the exact MD5 above before assuming two names refer to the same file.

Windows 10 48.4%
Windows 7 42.3%
Windows 8.1 8.1%
Windows XP 0.3%
Windows 8 0.3%
Windows Embedded 8.1 0.3%
Windows Vista 0.1%
Windows Server 2012 R2 0.1%

The most common operating system signal for 1bff201d.exe.vir is Windows 10 with 48.4% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.

1bff201d.exe.vir is identified as a PE file for 32-bit systems. The subsystem is Windows GUI. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.

Format pe
Architecture 32-bit
Subsystem Windows GUI
Entry point 0x00027f2a
Image base 0x00400000

PE Sections:

Sections 5
Raw data 930816

Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.

.text 583168 bytes · 62.7% of section data
MD5 6249936e65386a92f81cafe1002bdfa7
.rdata 188928 bytes · 20.3% of section data
MD5 bc5f3e1d32f63515ccdba51e0127261d
.data 20992 bytes · 2.3% of section data
MD5 369ae989c1921a2d2c173764c4ba6755
.rsrc 108544 bytes · 11.7% of section data
MD5 493da175ad3748b781d880470d5feb40
.reloc 29184 bytes · 3.1% of section data
MD5 55e11e101770b4c9ff91e271bc9ebe84

PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.

Report conclusion

GridinSoft detects this file as Trojan.CoinMiner

This report identifies 1bff201d.exe.vir by MD5 b06e67f9767e5023892d9698703ad098. It is part of the Trojan report group. If the same file is present on your device, scan the system and remove the detected object after confirming the hash and location.


Recommended next steps

  • Compare the local file MD5 with b06e67f9767e5023892d9698703ad098.
  • Check the file path, publisher, and signature against the details in this report.
  • Run a GridinSoft scan and remove the object if the same hash is found. Use the Trojan category to compare similar reports.