Bitcoin Forum
Author Topic: [YAC] Antivirus friendly minerd for Windows  (Read 6053 times)
testz
May 10, 2013, 01:47:51 PM
 #1

Warning! Please don’t download this minerd until the investigation is finished!
https://bitcointalk.org/index.php?topic=202168.0

Many people have problems with minerd and their antivirus software because antivirus software detects the BitCoinMiner trojan in minerd.exe. Antivirus companies add this kind of “virus” because many botnets and malware install different kinds of miner modules and profit from infected computers.

Here you can find an antivirus-friendly version of minerd:
*Link Deleted due to virus risk*
It’s a regular version of minerd from: https://bitcointalk.org/index.php?topic=199517.msg2085725#msg2085725
protected by Themida Software Protection System: http://www.themida.com/themida.php

In the archive you can also find the original minerd.exe renamed to minerd.exe.org.
Enjoy!

If you find it useful, my donation address: Y6zG9HVU2zpfc5gc88ARDJxTfUPirjoPsX

UPDATE: Because the download link was deleted, you can use the following information to check which version of minerd you have.
cpuminer-scrypt-jane-win32-themida.zip, 1 072 430 bytes, MD5: 140fbb3752bef03488213f42e2b723d8 contains:
libcurl-4.dll, 342 248 bytes, MD5: 68697def69624288de1aab316ad82943
minerd.exe, 803 186 bytes, MD5: 932e2bdc5c64d29d79cca201bc9430bf Protected version
minerd.exe.org, 332 658 bytes, MD5: 142cc0dcca5341c7d85695529425bd61 Original version
pthreadGC2.dll, 66 753 bytes, MD5: 256201d639f8a296ebbe84730c420272

If you have something else – it’s not cpuminer-scrypt-jane-win32-themida.zip
Please don’t use this protected/not protected minerd until the investigation is finished!

BaronMcG
May 10, 2013, 02:06:42 PM
 #2

caution, novirusthanks detects as trojan - and the sample distributed too just in case, we wouldn't want any skiddy crypters remaining useful.

http://vscan.novirusthanks.org/analysis/932e2bdc5c64d29d79cca201bc9430bf/bWluZXJkLWV4ZQ==/
jayjay2244
May 10, 2013, 02:15:44 PM
 #3

Uploads to virus total...... a few days later oh wait it's suddenly getting detected. ;)

BaronMcG
May 10, 2013, 02:18:00 PM
 #4

i'd run it in a sandbox and give a better analysis but i've better things to do with my time :) personally i'd never trust anything just randomly posted on here or anywhere, deserves to be flagged just in case anyhow.
MrWizard
May 10, 2013, 02:20:18 PM
 #5

virustotal.com scores this "15 / 46" i.e. of the 46 scan engines it uses 16 flagged this as malware.

It may or may not be malware, but I call bullshit on being "antivirus friendly".
anderl
May 11, 2013, 01:20:49 PM
 #6

did anyone download this?
Mushoz
May 11, 2013, 01:41:30 PM
 #7

DO NOT DOWNLOAD THIS. INFECTED WITH A WALLET STEALER I THINK. Doesn't want to run with a process monitor running. Suspect as hell:


testz
May 11, 2013, 02:24:19 PM
 #8

It doesn’t run under a process monitor because it’s protected by Themida Software Protection System: http://www.themida.com/themida.php
This protection also blocks different kinds of debuggers, tracers, etc.
It’s only the protection; in the archive you have the original (not protected) minerd as minerd.exe.org, which you can rename to exe and run under a process monitor.

TheSwede75
May 11, 2013, 02:51:43 PM
 #9

Quote from: testz
> Many people have problems with minerd and their antivirus software because antivirus software detects the BitCoinMiner trojan in minerd.exe. Antivirus companies add this kind of “virus” because many botnets and malware install different kinds of miner modules and profit from infected computers.
>
> Here you can find an antivirus-friendly version of minerd:
> https://mega.co.nz/#!shoxkb5b!DjiCAQBQ627TaW0oet1C7mvqM7Q2-2u-g4kDRHbniU4
>
> It’s a regular version of minerd from: https://bitcointalk.org/index.php?topic=199517.msg2085725#msg2085725
> protected by Themida Software Protection System: http://www.themida.com/themida.php
>
> In the archive you can also find the original minerd.exe renamed to minerd.exe.org.
> Enjoy!
>
> If you find it useful, my donation address: Y6zG9HVU2zpfc5gc88ARDJxTfUPirjoPsX

Yeah, let's all download your scammy ass keylogger from Mega.. damn you are retarded.
TheSwede75
May 11, 2013, 02:52:46 PM
 #10

Quote from: testz
> Many people have problems with minerd and their antivirus software because antivirus software detects the BitCoinMiner trojan in minerd.exe. Antivirus companies add this kind of “virus” because many botnets and malware install different kinds of miner modules and profit from infected computers.
>
> Here you can find an antivirus-friendly version of minerd:
> https://mega.co.nz/#!shoxkb5b!DjiCAQBQ627TaW0oet1C7mvqM7Q2-2u-g4kDRHbniU4
>
> It’s a regular version of minerd from: https://bitcointalk.org/index.php?topic=199517.msg2085725#msg2085725
> protected by Themida Software Protection System: http://www.themida.com/themida.php
>
> In the archive you can also find the original minerd.exe renamed to minerd.exe.org.
> Enjoy!
>
> If you find it useful, my donation address: Y6zG9HVU2zpfc5gc88ARDJxTfUPirjoPsX

Why would we need your donation address? That's where the BTC of anyone who downloads your trojan filled POS software goes automatically. Tool.
nullbitspectre1848
May 11, 2013, 03:11:01 PM
 #11

Can someone please confirm for me the file name of this download?

I have all my downloaded clients in a folder and want to see if I downloaded this one.

anonynonanony
May 11, 2013, 03:12:22 PM
 #12

Quote from: nullbitspectre1848
> Can someone please confirm for me the file name of this download?
>
> I have all my downloaded clients in a folder and want to see if I downloaded this one.

I think the tell is in the filesize of minerd.exe

Is >700k not throwing up red flags for anyone else?

ntkrnl
May 11, 2013, 03:15:52 PM
 #13

i load it with ollydbg
it's not packed.............
so where is themida?
nullbitspectre1848
May 11, 2013, 03:18:48 PM
 #14

Quote from: anonynonanony
> Quote from: nullbitspectre1848
> > Can someone please confirm for me the file name of this download?
> >
> > I have all my downloaded clients in a folder and want to see if I downloaded this one.
>
> I think the tell is in the filesize of minerd.exe
>
> Is >700k not throwing up red flags for anyone else?

What I mean is I need the actual download file name, the zip file name.

I have a cpuminer-scrypt-jane-win32.zip, I need to confirm if this is the name of the zip file or if it is cpuminer-scrypt-jane-win32-themida.zip as posted in another thread.

Any help would be greatly appreciated.

anonynonanony
May 11, 2013, 03:36:18 PM
 #15

For what it's worth, protecting the compiled 32bit minerd that is shown in the screenshot (325kb) with themida32 gives you an executable of ~850kb, not 785kb. I've "protected" the file 10 times, and the size only differs by a few k each time. Thoughts?

seleme
May 11, 2013, 03:39:19 PM
 #16

Quote from: MrWizard
> virustotal.com scores this "15 / 46" i.e. of the 46 scan engines it uses 16 flagged this as malware.
>
> It may or may not be malware, but I call bullshit on being "antivirus friendly".

Virustotal detects some 35 "viruses" on original pooler's miner.

testz
May 11, 2013, 03:44:37 PM
 #17

Quote from: nullbitspectre1848
> Can someone please confirm for me the file name of this download?
>
> I have all my downloaded clients in a folder and want to see if I downloaded this one.

cpuminer-scrypt-jane-win32-themida.zip, 1072430 bytes, MD5: 140fbb3752bef03488213f42e2b723d8 contains:
libcurl-4.dll, 342248 bytes, MD5: 68697def69624288de1aab316ad82943
minerd.exe, 803186 bytes, MD5: 932e2bdc5c64d29d79cca201bc9430bf
minerd.exe.org, 332658 bytes, MD5: 142cc0dcca5341c7d85695529425bd61
pthreadGC2.dll, 66753 bytes, MD5: 256201d639f8a296ebbe84730c420272

If you have something else – it’s not cpuminer-scrypt-jane-win32-themida.zip
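
The check described in post #17 can be scripted. The following is an added example, not part of the thread and not code from any poster: it compares every file in a folder against the name, size and MD5 values listed above, matching on content so that a renamed copy of the archive is still recognised. The names `MANIFEST`, `md5_of`, `classify` and `scan` are chosen here for illustration.

```python
import hashlib
import sys
from pathlib import Path

# name -> (size in bytes, MD5), copied from the manifest in the post above.
# MD5 is used only because it is the digest the post published.
MANIFEST = {
    "cpuminer-scrypt-jane-win32-themida.zip": (1072430, "140fbb3752bef03488213f42e2b723d8"),
    "libcurl-4.dll": (342248, "68697def69624288de1aab316ad82943"),
    "minerd.exe": (803186, "932e2bdc5c64d29d79cca201bc9430bf"),
    "minerd.exe.org": (332658, "142cc0dcca5341c7d85695529425bd61"),
    "pthreadGC2.dll": (66753, "256201d639f8a296ebbe84730c420272"),
}


def md5_of(path, chunk=1 << 20):
    """Hash the file in chunks so large archives are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify(path, manifest=MANIFEST):
    """Return (verdict, detail) for one file.
    match     - size and MD5 equal a manifest entry, whatever the file is called
    name-only - the name is listed but the content differs from the listed one
    unlisted  - neither the name nor the content appears in the manifest
    """
    path = Path(path)
    size, digest = path.stat().st_size, md5_of(path)
    for name, entry in manifest.items():
        if entry == (size, digest):
            return "match", name
    if path.name in manifest:
        want_size, want_md5 = manifest[path.name]
        return "name-only", f"size {size} != {want_size} or md5 {digest} != {want_md5}"
    return "unlisted", digest


def scan(folder, manifest=MANIFEST):
    """Classify every regular file under folder, recursively."""
    files = sorted(p for p in Path(folder).rglob("*") if p.is_file())
    return {str(p): classify(p, manifest) for p in files}

if __name__ == "__main__":
    for name, (verdict, detail) in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{verdict:<10} {name}  {detail}")
```

Run it with the download folder as the only argument; a `match` line means the file is byte-for-byte one of the five files listed in the post.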
