Virus | FortiGuard Labs (2024)

Analysis



Riskware/CoinMiner is a generic detection for riskware. Because the detection is generic, malware detected as Riskware/CoinMiner may vary in behaviour.
Below are examples of its behaviours:

  • This detection is based on characteristics mostly found in Bitcoin mining tools. These tools have been found to be planted by attackers on unsuspecting users' machines, using the host machine as a Bitcoin miner.

  • This Riskware may come in various forms, such as Win32 executables, JavaScript, or MSI installers, but in each case the main functionality is to implant a Bitcoin miner.

  • Below are some dropped files observed for some samples of this Riskware:
    • %AllUsers%\Microsoft\Windows\Start Menu\Programs\Startup\gdlhost.lnk
    • %AllUsers%\Windows\csrs.exe
    • %AllUsers%\Windows\svchost.vbs
    • %AppData%\Local\Windows\1.bat
    • %AppData%\Local\Windows\1514594927_log.txt
    • %AppData%\Local\Windows\csrs.exe
    • %AppData%\Local\Windows\svchost.vbs
    • %AppData%\Roaming\Coresource\gdlhost.exe
    • %AppData%\Roaming\Coresource\gdlhost.vbs
    • %AppData%\Roaming\Coresource\pools.txt
    • %AppData%\Roaming\Coresource\start_64bit.bat
    • %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup\gdlhost.lnk
    • %ProgramData%\Windows\csrs.exe
    • %ProgramData%\Windows\svchost.vbs
    • %Windows%\Installer\{3CCAB43F-381B-4CC1-890A-B41909843709}\gdlhost.exe
    • %Windows%\Installer\{3CCAB43F-381B-4CC1-890A-B41909843709}\icon.exe
    • %Windows%\Installer\{3CCAB43F-381B-4CC1-890A-B41909843709}\IDM6.2B.2.exe
    • %Windows%\Installer\1e4eed.msi
    Some of the above-mentioned files are themselves detected as Riskware/CoinMiner.

  • Below are some of the observable effects of this Riskware (figure images not reproduced here; captions retained):
    • Figure 1: CoinMiner notes.
    • Figure 2: CoinMiner embedded within sites via JavaScript.
    • Figure 3: CoinMiner embedded within installers.

  • In some instances, command-line utilities were used directly as coin miners:
    • Figure 4: XMRig command-line utility.
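The dropped-file list above is the most directly actionable part of this entry. The following Python script is an added example, not FortiGuard's own tooling or code from the entry: it expands the entry's path macros against a host environment and matches a file listing (for example one exported during triage) against the indicators, so that a responder can check a host or a listing offline. The macro mapping is an assumption (%AllUsers% to ALLUSERSPROFILE, %ProgramData% to ProgramData, %AppData%\Local and %AppData%\Roaming to LOCALAPPDATA and APPDATA, %Windows% to SystemRoot), and the function names match_paths, expand_indicators and scan_host, together with SAMPLE_ENV and SAMPLE_LISTING, are my own; the sample environment and listing are constructed.

```python
"""Match file paths from a triaged Windows host against the Riskware/CoinMiner
dropped-file indicators listed in the FortiGuard entry (added example)."""
import os
from typing import Dict, Iterable, List, Optional, Tuple

# Dropped-file paths exactly as listed in the entry (one duplicate removed).
KNOWN_DROPPED_FILES = [
    r"%AllUsers%\Microsoft\Windows\Start Menu\Programs\Startup\gdlhost.lnk",
    r"%AllUsers%\Windows\csrs.exe",
    r"%AllUsers%\Windows\svchost.vbs",
    r"%AppData%\Local\Windows\1.bat",
    r"%AppData%\Local\Windows\1514594927_log.txt",
    r"%AppData%\Local\Windows\csrs.exe",
    r"%AppData%\Local\Windows\svchost.vbs",
    r"%AppData%\Roaming\Coresource\gdlhost.exe",
    r"%AppData%\Roaming\Coresource\gdlhost.vbs",
    r"%AppData%\Roaming\Coresource\pools.txt",
    r"%AppData%\Roaming\Coresource\start_64bit.bat",
    r"%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup\gdlhost.lnk",
    r"%ProgramData%\Windows\csrs.exe",
    r"%ProgramData%\Windows\svchost.vbs",
    r"%Windows%\Installer\{3CCAB43F-381B-4CC1-890A-B41909843709}\gdlhost.exe",
    r"%Windows%\Installer\{3CCAB43F-381B-4CC1-890A-B41909843709}\icon.exe",
    r"%Windows%\Installer\{3CCAB43F-381B-4CC1-890A-B41909843709}\IDM6.2B.2.exe",
    r"%Windows%\Installer\1e4eed.msi",
]

# Assumed mapping of the entry's path macros to Windows environment variables.
# The entry's %AppData% is the user's AppData folder, so its \Local and \Roaming
# children correspond to LOCALAPPDATA and APPDATA.
MACRO_TO_ENV = {
    "%AllUsers%": "ALLUSERSPROFILE",
    "%ProgramData%": "ProgramData",
    "%AppData%\\Local": "LOCALAPPDATA",
    "%AppData%\\Roaming": "APPDATA",
    "%Windows%": "SystemRoot",
}


def _norm(path: str) -> str:
    """Normalise a path for case- and separator-insensitive comparison."""
    return path.replace("/", "\\").rstrip("\\").lower()


def expand_indicators(env: Dict[str, str]) -> Dict[str, str]:
    """Map each expanded, normalised full path to the indicator it came from.

    Indicators whose macro has no value in `env` are skipped rather than guessed.
    """
    expanded: Dict[str, str] = {}
    for indicator in KNOWN_DROPPED_FILES:
        for macro, var in MACRO_TO_ENV.items():
            if indicator.lower().startswith(macro.lower() + "\\"):
                root = env.get(var)
                if root:
                    expanded[_norm(root.rstrip("\\") + indicator[len(macro):])] = indicator
                break
    return expanded


def match_paths(observed: Iterable[str], env: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (observed_path, indicator) for every observed path that is an indicator."""
    table = expand_indicators(env)
    return [(p, table[_norm(p)]) for p in observed if _norm(p) in table]


def scan_host(env: Optional[Dict[str, str]] = None) -> List[Tuple[str, str]]:
    """Check the live filesystem (Windows host assumed) for the indicators."""
    table = expand_indicators(dict(os.environ) if env is None else env)
    return [(p, ind) for p, ind in table.items() if os.path.exists(p)]


# Constructed sample: environment and file listing from a hypothetical triaged host.
SAMPLE_ENV = {
    "ALLUSERSPROFILE": r"C:\ProgramData",
    "ProgramData": r"C:\ProgramData",
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "SystemRoot": r"C:\Windows",
}
SAMPLE_LISTING = [
    r"C:\ProgramData\Windows\csrs.exe",                        # indicator
    r"C:\Users\alice\AppData\Roaming\Coresource\pools.txt",    # indicator
    r"C:\Users\alice\AppData\Roaming\Coresource\notes.txt",    # not listed
    r"C:\Windows\System32\csrss.exe",                          # legitimate, similar name
    r"C:\WINDOWS\Installer\1e4eed.msi",                        # indicator, odd casing
]

if __name__ == "__main__":
    for path, indicator in match_paths(SAMPLE_LISTING, SAMPLE_ENV):
        print(f"{path}  matches  {indicator}")
```

On a live Windows host, scan_host() performs the same comparison against the real environment and filesystem. As the entry itself notes, only some of the listed files are detected as Riskware/CoinMiner, so a match is a triage lead to be confirmed with the AV verdict and file content rather than a verdict on its own; the Startup-folder gdlhost.lnk entries are the ones that indicate persistence and are worth checking first.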




Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Detection Availability

  • FortiGate
  • FortiClient
  • FortiAPS
  • FortiAPU
  • FortiMail
  • FortiSandbox
  • FortiWeb
  • Web Application Firewall
  • FortiIsolator
  • FortiDeceptor
  • FortiEDR

ID: 6883379
Released: Apr 23, 2018
Description Updated: Sep 09, 2015
Aliases: JS/CoinMiner.F potentially unwanted application, Application.BitCoinMiner.SX, JS/CoinMiner.A potentially unwanted application, not-a-virus:RiskTool.Win32.Generic, CoinMiner application, Win64/CoinMiner.J trojan, Troj/Miner-BP, JS/Miner.i trojan, C
Platform Profile: Riskware is a term for potentially unwanted or dangerous software programs that do not fall under Adware. They could be legitimate software applications that may be misused and pose possible security risks to users.
Profile Type: Trojan