Home / malware Trojan:BAT/Micuda.A
First posted on 27 October 2014.
Source: MicrosoftAliases :
There are no other names known for Trojan:BAT/Micuda.A.
Explanation :
Threat behavior
Installation
Trojan:BAT/Micuda.A is a batch script that is installed on your PC by TrojanDropper:Win32/Micuda.
It is commonly installed with a number of bitcoin mining library files. We have seen it installed in the following locations:
- %ProgramFiles% \PCDApp
- %ProgramFiles% \PCData
We have seen it use various file names, such as:
- astart.bat
- cstart.bat
- nstart.bat
Payload
Bitcoin mining
Trojan:BAT/Micuda.A launches a bitcoin mining application installed on your PC by TrojanDropper:Win32/Micuda. It launches the application and passes it parameters so it can contact servers that the malware author has setup accounts on. We have seen it contact the following servers:
- dataping.net
- software-cdn.net
The bitcoin mining application then runs in the background and uses your PCs system resources. This can make your PC run slower than usual.
Analysis by Amir Fouda
Symptoms
The following could indicate that you have this threat on your PC:
- You have these files:
astart.bat
cstart.bat
nstart.bat
- Your PC is running slower than usual
Last update 27 October 2014