Keygen_For_Fake_2021_11_by_ReverseCodez.exe Trojan CoinMiner Analysis
| Online Virus Checker | v.1.0.182.174 |
| DB Version: | 2024-07-14 01:00:20 |
Trojan.Win32.CoinMiner.ns
CoinMiner is a type of malware that harnesses the victim's computer resources, primarily CPU and RAM, to engage in cryptocurrency mining, such as for Monero or Zcash. This malware establishes persistence by integrating an open-source mining tool into the system's startup routine without the user's consent. Advanced coin miners often employ techniques like timer configurations or CPU usage limits to operate discreetly and avoid detection.
| File | Keygen_For_Fake_2021_11_by_ReverseCodez.exe |
| Checked | 2024-07-13 22:31:39 |
| MD5 | 6da69b8791c12096042659efcca980c5 |
| SHA1 | f0612c041b348a9c36af965257549e588eb8e319 |
| SHA256 | 27faca387d9a8e5c7e43366b3eb4e0e108c9bc1bbfade960a7a41eb134f0eae0 |
| SHA512 | bd752b04820e4aa862fb4fc9dcd1d2a6571eaf326f043d88544cd0fba953c8ee297be067a0a4c261847efd35896bc5f8b92c0612539f4ec3c5ccd53c2f3b58ff |
| Imphash | f34d5f2d4577ed6d9ceec516c1f5a744 |
| File Size | 159232 bytes |
Trojan.Win32.CoinMiner.ns Removal
Gridinsoft has the capability to identify and eliminate Trojan.Win32.CoinMiner.ns without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
File Version Information
| Translation | 0x0000 0x04b0 |
| Comments | |
| CompanyName | |
| FileDescription | Keygen |
| FileVersion | 1.0.0.0 |
| InternalName | Keygen2020.exe |
| LegalCopyright | Copyright © 2021 |
| LegalTrademarks | |
| OriginalFilename | Keygen2020.exe |
| ProductName | Keygen |
| ProductVersion | 1.0.0.0 |
| Assembly Version | 1.0.0.0 |
Portable Executable Info
 |
97d50cf5e83327b5ad43227830bd48f9 6c49fad5477be665e46394a07ad7e0bf 704dccd4e4e8f0d0 |
| Image Base: | 0x00400000 |
| Entry Point: | 0x0042c00a |
| Compilation: | 2023-02-04 19:09:24 |
| Checksum: | 0x00000000 (Actual: 0x00027aee) |
| OS Version: | 4.0 |
| PEiD: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 5 |
| Imports: | mscoree, |
| Exports: | 0 |
| Resources: | 7 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| e^JyB5 ] | 0x00002000 | 0x00014300 | 0x00014400 | 1946f7fdfa4b736fa222126f2a7ccae0 | 8.00 |
| .text | 0x00018000 | 0x0000bbcc | 0x0000bc00 | 89c073f6f8030d39cccbc5d7bcb1ad98 | 5.22 |
| .rsrc | 0x00024000 | 0x000064a6 | 0x00006600 | b08970d19f57e9ba3e2026b2bab9cc95 | 4.14 |
| 0x0002c000 | 0x00000010 | 0x00000200 | 6f55453efde4923a1b69cef6bf806365 | 0.14 | |
| .reloc | 0x0002e000 | 0x0000000c | 0x00000200 | 99cd0cb485d94d155a53d4dd92c3c62f | 0.10 |
