How to remove service_box.html

» File
File Details
Overview
Analysis

service_box.html

The module service_box.html has been detected as Trojan.CoinMiner

service_box.html

Remove service_box.html

File Details

Main Info:

Product Name:	System Native Service
Company Name:	www.somedomainthatnotexists.com
MD5:	a51bdae84e820ac63ef1181401a89f27
Size:	1000 KB
First Published:	2018-01-02 18:09:14 (7 years ago)
Latest Published:	2018-03-07 13:02:46 (6 years ago)

Analysis:

Status:	Trojan.CoinMiner (on last analysis)
Analysis Date:	2018-03-07 13:02:46 (6 years ago)

Overview

Digital Signature

Signed By:	Jetstar Media LTD
Status:	Valid

Common Places:

%sysdrive%\$recycle.bin\s-1-5-21-429557435-466669265-1786256089-1001\$rvlfil3

%programfiles%\system native

%appdata%\zhp

File Names:

service_box.exe

service_box.html

Geography:

	23.8%
	14.3%
	14.3%
	9.5%
	9.5%
	4.8%
	4.8%
	4.8%
	4.8%
	4.8%
	4.8%

OS Version:

Windows 7	47.6%
Windows 10	42.9%
Windows 8.1	9.5%

Analysis

PE Info:

Subsystem:	Windows CUI
PE Type:	pe
OS Bitness:	32
Image Base:	0x00400000
Entry Address:	0x00001500

PE Sections:

Name	Size of data	MD5
.text	722944	1fc7afccfe7a67b688137550711d46d6
.data	512	f32ecc31043f786678f1067ff524a1d7
.rdata	62976	1fad22add5c09e3e1a387b0b30ca6a5a
.eh_fram	112128	dbdcaa2a0bb93b9faccc1beec7cdb819
.bss	0	00000000000000000000000000000000
.idata	9728	da3d5232668162b0062fd21edd1e0832
.CRT	512	b5cadf2307f0db18cfcadc4b67488bcd
.tls	512	65e87a41a853e37787dad7dd6ca72dea
.rsrc	106544	616adff212e479676009d2db75cdb5a7

More information:

Search on Virustotal

Download GridinSoft Anti-Malware - Removal tool for service_box.html

copyright for information about service_box.html