How to remove sysConfig.bat

» File
File Details
Overview
Analysis

sysConfig.bat

The module sysConfig.bat has been detected as Trojan.CoinMiner

Remove sysConfig.bat

File Details

Main Info:

Product Name:	CPU utility
Company Name:	PC Tools
MD5:	76a594d3613c17456fc76336b1cdb0f1
Size:	7 MB
First Published:	2017-11-16 15:03:34 (8 years ago)
Latest Published:	2023-06-11 23:01:50 (2 years ago)

Analysis:

Status:	Trojan.CoinMiner (on last analysis)
Analysis Date:	2023-06-11 23:01:50 (2 years ago)

Common Places:

%sysdrive%\applications

%sysdrive%\winsys

%sysdrive%\$recycle.bin\s-1-5-21-2429632578-1953995673-3310169810-1000\$rqhefns

%sysdrive%

%sysdrive%\$recycle.bin

%sysdrive%\$recycle.bin\s-1-5-21-375561814-1243383347-3664961121-1001

%desktop%

%sysdrive%\$recycle.bin\s-1-5-21-3913015705-1624255457-2250760176-1001

%sysdrive%\$recycle.bin\s-1-5-21-1397371187-3726398019-3432806024-1001

%commonappdata%

File Names:

websock.exe

sysConfig.bat

websock.exe.quarantined

trz93E2.tmp

WEBSOCK.del

sysConfig_7233c8bc.bat

websock_76be29cb.exe

websock_7233c8bc.exe

trzA0B7.tmp

websock.exe.vir

trzA6EC.tmp

securedisk.exe

trzFD91.tmp

trz1CAA.tmp

$R4VCBDM.exe

$R7RZQHI.exe

$RN28M4D.exe

syslog.bat

websock.exe.infected

xwebsock.exe

websock.123

$R7MEUZ7.exe

securedisk.exe.quarantined

$RT4WH0L.exe

$RXKY4V2.exe

$RWMX3AS.exe

websock.exe.q_Quarantine_4F16C74_q

websock.exe.q_Quarantine_4F16C74_q.old

trzA3AD.tmp

WEBSOCK.EXE.del

SECUREDISK.del

gwebsock.exe

Geography:

	15.9%
	12.5%
	10.7%
	7.4%
	6.6%
	5.9%
	5.1%
	2.9%
	2.9%
	2.0%
	1.9%
	1.8%
	1.7%
	1.7%
	1.4%
	1.4%
	1.3%
	1.0%
	1.0%
	0.9%
	0.8%
	0.6%
	0.6%
	0.6%
	0.5%
	0.5%
	0.5%
	0.4%
	0.4%
	0.4%
	0.3%
	0.3%
	0.3%
	0.3%
	0.3%
	0.3%
	0.3%
	0.3%
	0.2%
	0.2%
	0.2%
	0.2%
	0.2%
	0.2%
	0.2%
	0.2%
	0.2%
	0.2%
	0.2%
	0.2%
	0.2%
	0.2%
	0.2%
	0.2%
	0.2%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%
	0.1%

OS Version:

Windows 10	55.0%
Windows 7	33.7%
Windows 8.1	10.0%
Windows 8	1.1%
Windows Server 2016	0.1%
Windows Vista	0.1%

Analysis

PE Info:

Subsystem:	Windows CUI
PE Type:	pe
OS Bitness:	64
Image Base:	0x0000000140000000
Entry Address:	0x0001571c

PE Sections:

Name	Size of data	MD5
.text	325120	c9f3b5f21cd15b354273f75a4000ba7a
.rdata	95232	f029986e32cd068fdcc2c0e7a983fe27
.data	7168	2286618f56b1451aa0a19d61588f086e
.pdata	15360	acc5f6470ea6740b3be9691a93289fd3
.rsrc	7183360	ea8812f138f294d6333a5609e8b23af5
.reloc	2560	187fd113a133ec5a1f45762fb270b31e

More information:

Search on Virustotal

Download GridinSoft Anti-Malware - Removal tool for sysConfig.bat

copyright for information about sysConfig.bat

How to remove sysConfig.bat

sysConfig.bat

The module sysConfig.bat has been detected as Trojan.CoinMiner

File Details

Main Info:

CPU utility

PC Tools

Analysis:

Common Places:

Geography:

OS Version:

Analysis

PE Info:

PE Sections:

More information: