Teamredminer.exe Trojan CoinMiner Analysis

Trojan CoinMiner
Updated on 2024-06-19
Checked by Online Virus Scanner
Online Virus Checker v.1.0.179.174
DB Version: 2024-06-19 23:00:32

Trojan.Win64.CoinMiner.cl

CoinMiner is a type of malware that uses the victim's computer resources, primarily CPU and RAM, to mine cryptocurrency such as Monero or Zcash. It establishes persistence by adding an open-source mining tool to the system's startup routine without the user's consent. Advanced coin miners often use techniques such as timer configurations or CPU usage limits to operate discreetly and avoid detection.

File: teamredminer.exe
Checked: 2024-06-19 20:45:08
MD5: 101b0a40228752f533e95d0bb2371a71
SHA1: 3edefee9549fcb54957cbb54755bc47e3f60118d
SHA256: f5db7224ab6463031015fb00d64e3eb4eade24b7e0c83a77cf5d79d6642e60bf
SHA512: 139e95eb6351d1338f8976b2b022179cc507f8578c3fa9e8f6d561584c1648b08c69752ab7894c8ad0612b1e5a31f2fef1901290b8fe9d8d995ece37de8994db
Imphash: 4a48f0320781637ed9d667c4dbfda0ae
File Size: 72190976 bytes

Trojan.Win64.CoinMiner.cl Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win64.CoinMiner.cl without requiring further user intervention.

  • Start by downloading Gridinsoft Anti-Malware to your computer.
  • Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  • Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  • Click on the "Standard Scan" button.
  • After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  • If prompted, restart your system to complete the removal process.

File Version Information

FileDescription: POSIX WinThreads for Windows
ProductVersion: 1, 0, 0, 0
FileVersion: 1, 0, 0, 0
InternalName: WinPthreadGC
OriginalFilename: WinPthreadGC
CompanyName: MingW-W64 Project. All rights reserved.
LegalCopyright: Copyright (C) MingW-W64 Project Members 2010-2011
Licence: ZPL
Info: http://mingw-w64.sourceforge.net/
Comment: GNU C build -- MinGW-w64 64-bit
Translation: 0x0409 0x04b0

Portable Executable Info

Image Base: 0x00400000
Entry Point: 0x00401500
Compilation: 2024-05-06 09:33:37
Checksum: 0x044e45e0 (Actual: 0x044e45e0)
OS Version: 4.0
PEiD: PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
Sign: The PE file does not contain a certificate table.
Sections: 10
Imports: KERNEL32, msvcrt, SETUPAPI, SHELL32, USER32, WS2_32, ADVAPI32, PSAPI, OpenCL
Exports: 0
Resources: 1

Sections

Name Virtual Address Virtual Size Raw Size MD5 Entropy
.text 0x00001000 0x001efa78 0x001efc00 f9a047ac858aa68c69faa164c5f27413 6.45
.data 0x001f1000 0x04282270 0x04283000 0f0fec722752805a9c59143d55c3bd2d 8.00
.rdata 0x04474000 0x00050d00 0x00051000 441ae9a117cd95fa2b2bc41534fc4370 5.86
.pdata 0x044c5000 0x00007cd4 0x00007e00 bf6c6d6d30caa936ead0d27a0f476128 6.28
.xdata 0x044cd000 0x00009670 0x00009800 ded92089dc183cbf513a997ccd0d6c5d 4.85
.bss 0x044d7000 0x30d1d020 0x00000000 d41d8cd98f00b204e9800998ecf8427e 0.00
.idata 0x351f5000 0x00002a88 0x00002c00 666439ca0a9962f1345bc75b777c694e 4.63
.CRT 0x351f8000 0x00000070 0x00000200 1f2bec36af56a04f7c950799874b0bce 0.34
.tls 0x351f9000 0x00000068 0x00000200 8fbc6a476b19531a0a3ba64ee6c0c913 0.28
.rsrc 0x351fa000 0x00000450 0x00000600 a4382a22b39560aa8a2b09e19b30755b 2.62
