How to remove sysConfig.bat
Overview
sysConfig.bat
The file sysConfig.bat (MD5 76a594d3613c17456fc76336b1cdb0f1) was classified as Trojan.CoinMiner on its last analysis. Despite the .bat name, the Analysis section below describes a 64-bit Windows PE, not a batch script: the name is one of several under which this hash has been observed (websock.exe is another), not a description of the file's format.
File Details
Product Name: (empty)
Company Name: (empty)
MD5: 76a594d3613c17456fc76336b1cdb0f1
Size: 7 MB
First Published: 2017-11-16 15:03:34
Latest Published: 2023-06-11 23:01:50
Status: Trojan.CoinMiner (on last analysis)
Analysis Date: 2023-06-11 23:01:50
Observed folders:
%sysdrive%\applications
%sysdrive%\winsys
%sysdrive%\$recycle.bin\s-1-5-21-2429632578-1953995673-3310169810-1000\$rqhefns
%sysdrive%
%sysdrive%\$recycle.bin
%sysdrive%\$recycle.bin\s-1-5-21-375561814-1243383347-3664961121-1001
%desktop%
%sysdrive%\$recycle.bin\s-1-5-21-3913015705-1624255457-2250760176-1001
%sysdrive%\$recycle.bin\s-1-5-21-1397371187-3726398019-3432806024-1001
%commonappdata%
Observed file names:
websock.exe
sysConfig.bat
websock.exe.quarantined
trz93E2.tmp
WEBSOCK.del
sysConfig_7233c8bc.bat
websock_76be29cb.exe
websock_7233c8bc.exe
trzA0B7.tmp
websock.exe.vir
trzA6EC.tmp
securedisk.exe
trzFD91.tmp
trz1CAA.tmp
$R4VCBDM.exe
$R7RZQHI.exe
$RN28M4D.exe
syslog.bat
websock.exe.infected
xwebsock.exe
websock.123
$R7MEUZ7.exe
securedisk.exe.quarantined
$RT4WH0L.exe
$RXKY4V2.exe
$RWMX3AS.exe
websock.exe.q_Quarantine_4F16C74_q
websock.exe.q_Quarantine_4F16C74_q.old
trzA3AD.tmp
WEBSOCK.EXE.del
SECUREDISK.del
gwebsock.exe
Several of these names are not the dropper's own. A name of the form $R followed by six characters, such as $R4VCBDM.exe, is what the Windows Recycle Bin assigns to a deleted file, and $rqhefns inside a per-SID $recycle.bin folder is a deleted folder renamed the same way; suffixes such as .quarantined, .vir, .infected and .q_Quarantine_4F16C74_q are the renames antivirus products apply when they isolate a file. A hunt should therefore match on the MD5 and on the base names websock, securedisk, sysConfig and syslog rather than on exact file names, and should treat name-only matches as candidates that still need to be examined.
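The folders and names above are the page's indicators. The Python below is an added hunting helper written for this page, not code from the page or from any security vendor. It expands the placeholder folders (mapping %sysdrive% to SystemDrive, %commonappdata% to ProgramData and %desktop% to USERPROFILE\Desktop is this example's own assumption), walks a directory tree, and classifies files by the reported MD5 first, by the name variants second, and by Recycle Bin $R names as a third, lower-confidence class. The tree built by demo() and the file contents in it are constructed stand-ins, not the sample.

```python
from __future__ import annotations

import hashlib
import os
import re
import tempfile
from pathlib import Path

# Indicators copied from the listing above: the reported MD5 and the base
# names the sample was observed under.  The matching logic around them is
# this example's own and is not part of the page.
KNOWN_MD5 = "76a594d3613c17456fc76336b1cdb0f1"
BASE_NAMES = ("websock", "securedisk", "sysconfig", "syslog", "xwebsock", "gwebsock")

# One pattern covers the name variants in the listing:
#   websock_7233c8bc.exe         optional _<8 hex digits> suffix
#   websock.exe.quarantined      AV quarantine appends an extension
#   WEBSOCK.del, websock.123     extension replaced instead
NAME_RE = re.compile(
    r"^(" + "|".join(BASE_NAMES) + r")(_[0-9a-f]{8})?(\.[a-z0-9_]+)+$", re.I)

# $R<6 chars>.exe is the name the Windows Recycle Bin gives a deleted file
# (the matching $I entry holds the original path); several appear above.
RECYCLE_RE = re.compile(r"^\$R[A-Z0-9]{6}\.exe$", re.I)

# The listing writes folders with placeholders.  Mapping them to environment
# variables this way is an assumption of this example, not notation the page defines.
PLACEHOLDERS = {"%sysdrive%": "SystemDrive", "%commonappdata%": "ProgramData"}


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def expand_placeholder(folder: str, env: dict[str, str]) -> str:
    """Turn a placeholder-prefixed folder into a concrete path using `env`."""
    low = folder.lower()
    if low.startswith("%desktop%"):
        return env["USERPROFILE"] + r"\Desktop" + folder[len("%desktop%"):]
    for marker, var in PLACEHOLDERS.items():
        if low.startswith(marker):
            return env[var] + folder[len(marker):]
    return folder


def classify(name: str, data: bytes,
             known: frozenset[str] = frozenset({KNOWN_MD5})) -> str | None:
    """Return why a file is interesting, or None.

    A hash match is the sample itself, whatever it is called now.  A name
    match is only a candidate: quarantine copies and renamed droppers share
    the name but not the hash, and must still be looked at.
    """
    if md5_hex(data) in known:
        return "hash"
    if NAME_RE.match(name):
        return "name"
    if RECYCLE_RE.match(name):
        return "recycled-exe"
    return None


def scan_tree(root: str) -> list[tuple[str, str]]:
    """Walk `root` and return sorted (path, reason) pairs for every hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:        # locked, vanished or unreadable: skip, do not abort
                continue
            reason = classify(fn, data)
            if reason:
                hits.append((path, reason))
    return sorted(hits)


def demo() -> list[tuple[str, str]]:
    """Scan a constructed tree that mimics the listing (contents are stand-ins)."""
    root = tempfile.mkdtemp(prefix="coinminer_hunt_")
    layout = {
        "winsys/websock.exe": b"MZ stand-in, not the real sample",
        "applications/websock_7233c8bc.exe": b"MZ another stand-in",
        "winsys/sysConfig.bat": b"@echo off\r\nstart websock.exe\r\n",
        "$recycle.bin/S-1-5-21-1/$R4VCBDM.exe": b"MZ deleted copy",
        "$recycle.bin/S-1-5-21-1/$I4VCBDM.exe": b"\x02" + b"\0" * 23,  # metadata, not an IOC
        "users/notes.txt": b"nothing to see here",
    }
    for rel, content in layout.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)
    return [(os.path.relpath(p, root).replace(os.sep, "/"), why) for p, why in scan_tree(root)]


if __name__ == "__main__":
    for path, why in demo():
        print(f"{why:13} {path}")
    print(expand_placeholder(r"%sysdrive%\winsys", {"SystemDrive": "C:"}))
```

On a real host, call scan_tree() on each expanded folder (or on the system drive root) rather than on the demo tree; the hash comparison reads every file completely, which is what you want for a 7 MB sample that may have been renamed, but it means the scan is I/O bound.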
Distribution by country
Country | Share
Turkey | 15.9%
Taiwan | 12.5%
Vietnam | 10.7%
Indonesia | 7.4%
Thailand | 6.6%
Poland | 5.9%
Brazil | 5.1%
Russia | 2.9%
South Korea | 2.9%
Iran | 2.0%
India | 1.9%
Romania | 1.8%
Hong Kong | 1.7%
Hungary | 1.7%
Ukraine | 1.4%
Czech Republic | 1.4%
Portugal | 1.3%
Malaysia | 1.0%
Egypt | 1.0%
Greece | 0.9%
Serbia | 0.8%
Saudi Arabia | 0.6%
Mexico | 0.6%
Italy | 0.6%
Philippines | 0.5%
Pakistan | 0.5%
Croatia | 0.5%
Algeria | 0.4%
Morocco | 0.4%
Israel | 0.4%
Sri Lanka | 0.3%
Bulgaria | 0.3%
Slovakia | 0.3%
Latvia | 0.3%
Argentina | 0.3%
Venezuela | 0.3%
Japan | 0.3%
China | 0.3%
South Africa | 0.2%
Austria | 0.2%
Colombia | 0.2%
Singapore | 0.2%
Peru | 0.2%
Tunisia | 0.2%
Chile | 0.2%
Slovenia | 0.2%
Belgium | 0.2%
Kazakhstan | 0.2%
Former Yugoslav Republic of Macedonia | 0.2%
United States | 0.2%
Canada | 0.2%
Albania | 0.2%
France | 0.2%
Spain | 0.2%
Nigeria | 0.2%
Palestine | 0.1%
(unknown) | 0.1%
Ghana | 0.1%
Luxembourg | 0.1%
Kenya | 0.1%
Uruguay | 0.1%
Iraq | 0.1%
Syria | 0.1%
Namibia | 0.1%
Lebanon | 0.1%
Macau | 0.1%
Cuba | 0.1%
Iceland | 0.1%
Oman | 0.1%
Germany | 0.1%
Benin | 0.1%
Bangladesh | 0.1%
Belarus | 0.1%
Cambodia | 0.1%
Dominican Republic | 0.1%
Jordan | 0.1%
Honduras | 0.1%
United Kingdom | 0.1%
Azerbaijan | 0.1%
United Arab Emirates | 0.1%
Senegal | 0.1%
Bosnia and Herzegovina | 0.1%
Myanmar | 0.1%
Nicaragua | 0.1%
Netherlands | 0.1%
Australia | 0.1%
Libya | 0.1%
Armenia | 0.1%
Ireland | 0.1%
The Bahamas | 0.1%
Mongolia | 0.1%
Bolivia | 0.1%
Tanzania | 0.1%
Distribution by operating system
Operating system | Share
Windows 10 | 55.0%
Windows 7 | 33.7%
Windows 8.1 | 10.0%
Windows 8 | 1.1%
Windows Server 2016 | 0.1%
Windows Vista | 0.1%
Analysis
Subsystem: Windows CUI
PE Type: pe
OS Bitness: 64
Image Base: 0x0000000140000000
Entry Address: 0x0001571c

The file is a 64-bit console PE, whatever its name says. Image Base 0x140000000 is the linker's default base for 64-bit Windows executables, and Entry Address is an RVA relative to that base. Size of data is each section's SizeOfRawData in bytes; every value below is a multiple of 0x200, the usual file alignment, and the six values sum to 7,628,800 bytes, which is the 7 MB given in File Details. About 94% of that is .rsrc, so almost all of the file's bytes sit in the resource section rather than in code.

Name | Size of data | MD5
.text | 325120 | c9f3b5f21cd15b354273f75a4000ba7a
.rdata | 95232 | f029986e32cd068fdcc2c0e7a983fe27
.data | 7168 | 2286618f56b1451aa0a19d61588f086e
.pdata | 15360 | acc5f6470ea6740b3be9691a93289fd3
.rsrc | 7183360 | ea8812f138f294d6333a5609e8b23af5
.reloc | 2560 | 187fd113a133ec5a1f45762fb270b31e