Security home


Home / malwarePDF  


First posted on 23 June 2012.
Source: Microsoft

Aliases :

Trojan:BAT/MineBicoin.B is also known as BAT/Miner.A (Command), BAT/Miner.BA (AVG), Trojan.BAT.Miner.i (Kaspersky), W32/Miner.A (Norman), BAT_MINER.LEX (Trend Micro), Bitcoin Miner (Sophos), W32/Miner.A.dropper (Norman).

Explanation :

Trojan:BAT/MineBicoin.B is a batch script that runs another program which results in the mining of Bitcoins, a decentralized digital currency.


This batch file is included in a self-extracting RAR file, which also contains a standard Bitcoin mining program, and another program used to hide windows.

When extracted, the RAR file launches the window-hiding program, which in turn launches the batch file detected as Trojan:BAT/MineBicoin.B. The batch file then launches the Bitcoin mining program, which runs usually without your knowledge.

The batch file may have any of the following file names:

  • yz.bat
  • gtest.cmd

The Bitcoin mining program, detected as Program:Win32/CoinMiner, may have any of the following file names:

  • mamita.exe
  • svchoost.exe
  • cgminer.exe

The window-hiding program may have any of the following file names:

  • hid.exe
  • hsbc.exe
  • hsbca.exe


Runs a program without consent

During execution of the dropper, it runs the window hiding program, which runs MineBicoin.B, which in turn runs the mining program. Any Bitcoins mined on your computer are recorded on the server "".

Analysis by Chris Stubbs

Last update 23 June 2012



Malware :