Threat Database Malware Win32/Bocinex


By SpideyMan in Malware

Threat Scorecard

Ranking: 4,724
Threat Level: 20 % (Normal)
Infected Computers: 815
First Seen: April 12, 2012
Last Seen: September 19, 2023
OS(es) Affected: Windows

Win32/Bocinex is a malware infection that starts a Bitcoin mining client, identified as Program:Win32/CoinMiner. The client is set up to assign newly produced Bitcoin digital cash, or 'BTC', to a Bitcoin account of an attacker. Win32/Bocinex may propagate through malicious links included in instant messages, spam email attachments, or downloads of its installer that is covered as another valuable program. The installer is often a randomly named file that is in the form of a self-extracting executable archive (RarSFX), for instance, as in "169E.exe" or "9D1A.exe".

File System Details

Win32/Bocinex may create the following file(s):
# File Name Detections
1. %TEMP%\xC.exe
2. %TEMP%\Winlogons.exe


Win32/Bocinex may call the following URLs:


Most Viewed