Bitcoin Forum

Alternate cryptocurrencies => Altcoin Discussion => Topic started by: testz on May 10, 2013, 01:47:51 PM



Title: [YAC] Antivirus friendly minerd for Windows
Post by: testz on May 10, 2013, 01:47:51 PM
Warning! Please don’t download this minerd until the investigation is finished!
https://bitcointalk.org/index.php?topic=202168.0

Many people have problems with minerd and their antivirus software because the antivirus software detects a BitCoinMiner trojan in minerd.exe. Antivirus companies add this kind of “virus” because many botnets and malware install different kinds of miner modules and profit from infected computers.

Here you can find an antivirus-friendly version of minerd:
*Link Deleted due to virus risk*
It’s a regular version of minerd from: https://bitcointalk.org/index.php?topic=199517.msg2085725#msg2085725
protected by Themida Software Protection System: http://www.themida.com/themida.php

In the archive you can also find the original minerd.exe, renamed to minerd.exe.org.
Enjoy!

If you find it useful, my donation address is: Y6zG9HVU2zpfc5gc88ARDJxTfUPirjoPsX

UPDATE: Because the download link was deleted, you can use the following information to check which version of minerd you have.
cpuminer-scrypt-jane-win32-themida.zip, 1 072 430 bytes, MD5: 140fbb3752bef03488213f42e2b723d8 contains:
libcurl-4.dll, 342 248 bytes, MD5: 68697def69624288de1aab316ad82943
minerd.exe, 803 186 bytes, MD5: 932e2bdc5c64d29d79cca201bc9430bf Protected version
minerd.exe.org, 332 658 bytes, MD5: 142cc0dcca5341c7d85695529425bd61 Original version
pthreadGC2.dll, 66 753 bytes, MD5: 256201d639f8a296ebbe84730c420272

If you have something else, it’s not cpuminer-scrypt-jane-win32-themida.zip
Please don’t use this protected/not protected minerd until the investigation is finished!


Title: Re: [YAC] Antivirus friendly minerd for Windows
Post by: BaronMcG on May 10, 2013, 02:06:42 PM
caution, novirusthanks detects as trojan - and the sample distributed too just in case, we wouldn't want any skiddy crypters remaining useful.

http://vscan.novirusthanks.org/analysis/932e2bdc5c64d29d79cca201bc9430bf/bWluZXJkLWV4ZQ==/


Title: Re: [YAC] Antivirus friendly minerd for Windows
Post by: jayjay2244 on May 10, 2013, 02:15:44 PM
Uploads to virus total...... a few days later oh wait it's suddenly getting detected.  ;)


Title: Re: [YAC] Antivirus friendly minerd for Windows
Post by: BaronMcG on May 10, 2013, 02:18:00 PM
i'd run it in a sandbox and give a better analysis but i've better things to do with my time :) personally i'd never trust anything just randomly posted on here or anywhere, deserves to be flagged just in case anyhow.


Title: Re: [YAC] Antivirus friendly minerd for Windows
Post by: MrWizard on May 10, 2013, 02:20:18 PM
virustotal.com scores this "15 / 46"  i.e. of the 46 scan engines it uses 16 flagged this as malware.

It may or may not be malware, but I call bullshit on being "antivirus friendly".


Title: Re: [YAC] Antivirus friendly minerd for Windows
Post by: anderl on May 11, 2013, 01:20:49 PM
did anyone download this?


Title: Re: [YAC] Antivirus friendly minerd for Windows
Post by: Mushoz on May 11, 2013, 01:41:30 PM
DO NOT DOWNLOAD THIS. INFECTED WITH A WALLET STEALER I THINK. Doesn't want to run with a process monitor running. Suspect as hell:

http://i39.tinypic.com/dtzl4.jpg


Title: Re: [YAC] Antivirus friendly minerd for Windows
Post by: testz on May 11, 2013, 02:24:19 PM
It doesn’t run under a process monitor because it’s protected by Themida Software Protection System: http://www.themida.com/themida.php
This protection also blocks different kinds of debuggers, tracers, etc.
It’s only the protection; in the archive you have the original (not protected minerd) minerd.exe.org, you can rename it to exe and run it under a process monitor.


Title: Re: [YAC] Antivirus friendly minerd for Windows
Post by: TheSwede75 on May 11, 2013, 02:51:43 PM
Many people have problems with minerd and their antivirus software because the antivirus software detects a BitCoinMiner trojan in minerd.exe. Antivirus companies add this kind of “virus” because many botnets and malware install different kinds of miner modules and profit from infected computers.

Here you can find an antivirus-friendly version of minerd:
https://mega.co.nz/#!shoxkb5b!DjiCAQBQ627TaW0oet1C7mvqM7Q2-2u-g4kDRHbniU4

It’s a regular version of minerd from: https://bitcointalk.org/index.php?topic=199517.msg2085725#msg2085725
protected by Themida Software Protection System: http://www.themida.com/themida.php

In the archive you can also find the original minerd.exe, renamed to minerd.exe.org.
Enjoy!

If you find it useful, my donation address is: Y6zG9HVU2zpfc5gc88ARDJxTfUPirjoPsX


Yeah, let's all download your scammy ass keylogger from Mega.. damn you are retarded.


Title: Re: [YAC] Antivirus friendly minerd for Windows
Post by: TheSwede75 on May 11, 2013, 02:52:46 PM
Many people have problems with minerd and their antivirus software because the antivirus software detects a BitCoinMiner trojan in minerd.exe. Antivirus companies add this kind of “virus” because many botnets and malware install different kinds of miner modules and profit from infected computers.

Here you can find an antivirus-friendly version of minerd:
https://mega.co.nz/#!shoxkb5b!DjiCAQBQ627TaW0oet1C7mvqM7Q2-2u-g4kDRHbniU4

It’s a regular version of minerd from: https://bitcointalk.org/index.php?topic=199517.msg2085725#msg2085725
protected by Themida Software Protection System: http://www.themida.com/themida.php

In the archive you can also find the original minerd.exe, renamed to minerd.exe.org.
Enjoy!

If you find it useful, my donation address is: Y6zG9HVU2zpfc5gc88ARDJxTfUPirjoPsX


Why would we need your donation address? That's where the BTC of anyone who downloads your trojan filled POS software goes automatically. Tool.


Title: Re: [YAC] Antivirus friendly minerd for Windows
Post by: nullbitspectre1848 on May 11, 2013, 03:11:01 PM
Can someone please confirm for me the file name of this download?

I have all my downloaded clients in a folder and want to see if I downloaded this one.


Title: Re: [YAC] Antivirus friendly minerd for Windows
Post by: anonynonanony on May 11, 2013, 03:12:22 PM
Can someone please confirm for me the file name of this download?

I have all my downloaded clients in a folder and want to see if I downloaded this one.

I think the tell is in the filesize of minerd.exe

Is >700k not throwing up red flags for anyone else?


Title: Re: [YAC] Antivirus friendly minerd for Windows
Post by: ntkrnl on May 11, 2013, 03:15:52 PM
i load it with ollydbg
it's not packed.............
so where is themida?


Title: Re: [YAC] Antivirus friendly minerd for Windows
Post by: nullbitspectre1848 on May 11, 2013, 03:18:48 PM
Can someone please confirm for me the file name of this download?

I have all my downloaded clients in a folder and want to see if I downloaded this one.

I think the tell is in the filesize of minerd.exe

Is >700k not throwing up red flags for anyone else?

What I mean is I need the actual download file name, the zip file name.

I have a cpuminer-scrypt-jane-win32.zip, I need to confirm if this is the name of the zip file or if it is cpuminer-scrypt-jane-win32-themida.zip as posted in another thread.

Any help would be greatly appreciated.


Title: Re: [YAC] Antivirus friendly minerd for Windows
Post by: anonynonanony on May 11, 2013, 03:36:18 PM
for what it's worth, protecting the compiled 32bit minerd that is shown in the screenshot (325kb) with themida32 gives you an executable of ~850kb, not 785kb.  I've "protected" the file 10 times, and the size only differs by a few k each time.  thoughts?


Title: Re: [YAC] Antivirus friendly minerd for Windows
Post by: seleme on May 11, 2013, 03:39:19 PM
virustotal.com scores this "15 / 46"  i.e. of the 46 scan engines it uses 16 flagged this as malware.

It may or may not be malware, but I call bullshit on being "antivirus friendly".

Virustotal detects some 35 "viruses" on original pooler's miner.


Title: Re: [YAC] Antivirus friendly minerd for Windows
Post by: testz on May 11, 2013, 03:44:37 PM
Can someone please confirm for me the file name of this download?

I have all my downloaded clients in a folder and want to see if I downloaded this one.

cpuminer-scrypt-jane-win32-themida.zip, 1072430 bytes, MD5: 140fbb3752bef03488213f42e2b723d8 contains:
libcurl-4.dll, 342248 bytes, MD5: 68697def69624288de1aab316ad82943
minerd.exe, 803186 bytes, MD5: 932e2bdc5c64d29d79cca201bc9430bf
minerd.exe.org, 332658 bytes, MD5: 142cc0dcca5341c7d85695529425bd61
pthreadGC2.dll, 66753 bytes, MD5: 256201d639f8a296ebbe84730c420272

If you have something else, it’s not cpuminer-scrypt-jane-win32-themida.zip
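
The size and MD5 list above can be checked against a downloaded archive without unpacking it. The following is an added example, not part of the original posts: it hashes a ZIP and each of its members straight from the archive stream and compares them with the values listed in this thread. The function names and status strings are this example's own.

```python
import hashlib
import sys
import zipfile

# Values exactly as listed in the thread for cpuminer-scrypt-jane-win32-themida.zip.
ARCHIVE_MD5 = "140fbb3752bef03488213f42e2b723d8"
MEMBERS = {  # file name -> (size in bytes, MD5)
    "libcurl-4.dll": (342248, "68697def69624288de1aab316ad82943"),
    "minerd.exe": (803186, "932e2bdc5c64d29d79cca201bc9430bf"),
    "minerd.exe.org": (332658, "142cc0dcca5341c7d85695529425bd61"),
    "pthreadGC2.dll": (66753, "256201d639f8a296ebbe84730c420272"),
}

def md5_stream(fh, chunk=1 << 20):
    """MD5 of a binary stream, read in chunks so large files are not held in memory."""
    digest = hashlib.md5()
    for block in iter(lambda: fh.read(chunk), b""):
        digest.update(block)
    return digest.hexdigest()

def check_zip(fh, manifest=MEMBERS, archive_md5=ARCHIVE_MD5):
    """Compare an open ZIP (binary file object) with the thread's list.

    Members are hashed from the archive stream; nothing is extracted to disk.
    """
    fh.seek(0)
    report = {"archive_match": md5_stream(fh) == archive_md5, "members": {}}
    fh.seek(0)
    with zipfile.ZipFile(fh) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1]
            if name not in manifest:
                status = "not listed"
            elif info.file_size != manifest[name][0]:
                status = "differs"  # size mismatch: no need to decompress it
            else:
                with zf.open(info) as member:
                    same = md5_stream(member) == manifest[name][1]
                status = "listed in thread" if same else "differs"
            report["members"][info.filename] = status
    return report

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. every .zip in a downloads folder
        with open(path, "rb") as fh:
            print(path, check_zip(fh))
```

A match only identifies a file as the one discussed in this thread; it says nothing about whether that file is safe to run.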