Win32/Tiggre!rfn Description

The Win32/Tiggre!rfn detection name is employed by various AV utilities and relates to a CPU Miner tool. The Win32/Tiggre!rfn detection name refers to a program that is known to run as 'cherry.exe' on computers. 'cherry.exe' may be downloaded by riskware and free software bundles that rely on some form of monetization to maintain operations. Files and programs that are marked as Win32/Tiggre!rfn might boot with Windows and may be found under the AppData directory. The Win32/Tiggre!rfn detection name is not used by all AV vendors and some may refer to the same code with the following names:

  • AIT:Trojan.Nymeria.234
  • AIT:Trojan.Nymeria.234 (2x)
  • BehavesLike.Win32.MultiPlug.dh
  • HEUR/QVM10.1.1ECA.Malware.Gen
  • ML.Attribute.HighConfidence
  • W32/Autoit.CGO!tr
  • Win32/Autoit.ODG
  • malicious.64b102

'cherry.exe' may be used to mine for Bitcoin (BTC), Monero (XMR), Ethereum (ETH) and other cryptocurrencies. As you may know, the mining of currencies like Bitcoin is very taxing on machines and require users to be aware of how it can reflect on their electricity bill and the lifespan of their machine. The mining operation performed by applications marked as Win32/Tiggre!rfn involves verifying encrypted blocks of data. You need a powerful processor to realize a profit from applications like 'cherry.exe.' Unfortunately, Win32/Tiggre!rfn may refer to programs that are used by threat actors who exploit system resources on infected computers. The Win32/Tiggre!rfn-marked objects may be used to hijack your RAM and mine coins for third parties. It is recommended to delete the files and programs that may be tagged as Win32/Tiggre!rfn and the names listed above.