How to remove miner.gh
miner.gh
The module miner.gh has been detected as Trojan.CoinMiner
File Details
| MD5: | 4db0c33744bdc72fdf35ecc5f0297010 |
| Size: | 312 KB |
| First Published: | 2017-06-23 16:06:53 (6 years ago) |
| Latest Published: | 2024-04-16 23:07:08 (2 weeks ago) |
| Status: | Trojan.CoinMiner (on last analysis) | |
| Analysis Date: | 2024-04-16 23:07:08 (2 weeks ago) |
Common Places:
| %desktop%\новая папка (3)\0.3.4b |
| %temp%\{ytwlm-a0lzy-qe8n8-5etnz-cxhvj-b01hv} |
| %temp%\{qt25g-nbm08-jcphp-a2sen-j167b-nfx6g} |
| %profile%\downloads\майнер\0.3.4b |
| %appdata%\.micro_miner\resources\nvidia\8 |
| %appdata%\.micro_miner\resources\nvidia\7 |
| %temp%\{70h1j-notnm-7wqyl-8zsy8-pobqu-hghfp} |
| %temp%\{0qaub-0wr24-8cfqt-7x5ea-8yyov-5zwwp} |
| %temp%\{tt6co-mmoz6-8mff6-6kfqm-yhdfc-uz2ga} |
| %temp%\{rk54j-be877-wu7wo-6pgsy-mmvns-c1x9g} |
File Names:
| miner.exe |
| vds.exe |
| nmworker.exe |
| kryptex5.exe |
| $RZ8DGEI.exe |
| zminer.exe |
| idlemonitor.exe |
| Sessionmanager.exe |
| BTGminer.exe |
| svchost.exe |
| GoogleUpdate.exe |
| msiexec64.exe |
| cmmon64.exe |
| miner.exe.quarantined |
| game_machine_miner.exe |
| H2INC.exe |
| svcnost.exe |
| videodrv.exe |
| tmp_tmp |
| E.exe |
| update.exe |
| vpnconnection.exe |
| mss.exe |
| _ |
| csrs.exe |
| $RF4YVW2.exe |
| ewbf.dll |
| unp136249224.tmp |
| LocalSecurity.exe |
| msiexec64.exe.q_Quarantine_180B0_q |
| Zec_miner.exe |
| MINER.EXE |
| $RI0P15E.exe |
| trz11D1.tmp |
| dllhst6g.exe |
| X64_70.EXE |
| MSIExec64.exe |
| perfwats.exe |
| sqlite-3.21.0-dd204077-86dc-410f-8812.dll |
| X64_80.EXE |
| $RZHJQHY.exe |
| $RP1M4P3.exe |
| cpservicemainx.exe |
| miner (2018_03_22 14_10_05 UTC).exe |
| $R0G0BDK.exe |
| MsiExec64.exe |
| MsiEXEC64.exe |
| MsiexeC64.exe |
| mSiexec64.exe |
| MsiExec6334.exe |
| Winx64Legacy.exe |
| MSieXec64.exe |
| MSieXEc64.exe |
| MsieXEc64.exe |
| MsieXEc64.Exe |
| MsiExEc64.ExE |
| MsieXEc64.Exe.q_Quarantine_27A20_q |
| mSiExEc64.ExE |
| msIExEc64.ExE |
| Fuck You.ExE |
| MSiEXEc64.exe |
| svhost_x64_3.exe |
| miner.gh |
Geography:
| 32.9% | ||
| 12.5% | ||
| 5.0% | ||
| 4.9% | ||
| 4.9% | ||
| 3.6% | ||
| 2.9% | ||
| 2.8% | ||
| 2.3% | ||
| 2.1% | ||
| 1.6% | ||
| 1.6% | ||
| 1.5% | ||
| 1.5% | ||
| 1.4% | ||
| 1.4% | ||
| 1.2% | ||
| 1.1% | ||
| 1.1% | ||
| 0.9% | ||
| 0.9% | ||
| 0.8% | ||
| 0.8% | ||
| 0.5% | ||
| 0.5% | ||
| 0.5% | ||
| 0.5% | ||
| 0.4% | ||
| 0.4% | ||
| 0.4% | ||
| 0.4% | ||
| 0.4% | ||
| 0.4% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% |
OS Version:
| Windows 10 | 56.1% | |
| Windows 7 | 31.5% | |
| Windows 8.1 | 11.8% | |
| Windows 8 | 0.3% | |
| Windows Server 2016 | 0.1% | |
| Windows Vista | 0.1% |
Analysis
| Subsystem: | Windows CUI |
| PE Type: | pe |
| OS Bitness: | 64 |
| Image Base: | 0x0000000140000000 |
| Entry Address: | 0x0000fb28 |
PE Sections:
| Name | Size of data | MD5 |
| .text | 61440 | faf0b3b4d00ee1e81f53d5e5893d4e84 |
| .rdata | 23040 | 50984bcd36555a13a178bb85d5c76f16 |
| .data | 512 | 88a28a97b33fc2f34bb22d3a0a7766cd |
| .pdata | 2048 | b327db2eaf2bf18dc333e6f49b45e66e |
| .nv_fatb | 230400 | ba3ad39bfc3920a147732ef77a977876 |
| .nvFatBi | 512 | 8768c9ddacfdccd78a1ee586ab62772b |
| .rsrc | 512 | c7ae451f697a37c7629a25f4951d6c78 |
| .reloc | 512 | d1ad352535364605c4bf0f1d1b6d992b |
More information:
Download GridinSoft
Anti-Malware - Removal tool for miner.gh
