[YAC] Antivirus friendly minerd for Windows

[testz]

Warning! Please don’t download this minerd until investigation will finish!
https://bitcointalk.org/index.php?topic=202168.0

Many peoples get the problems with minerd and their antivirus software because antiviruses software detects BitCoinMiner trojan in the minerd.exe. Antivirus companies add this kind of “virus” because many botnets and malware software install different kind of miner modules and get profit from infected computers.

Here you can find antivirus friendly version of minerd:
*Link Deleted due to virus risk*
It’s a regular version of minerd from: https://bitcointalk.org/index.php?topic=199517.msg2085725#msg2085725
protected by Themida Software Protection System: http://www.themida.com/themida.php

In archive you can also find original minerd.exe renamed to minerd.exe.org.
Enjoy!

If you find it’s useful my donation address: Y6zG9HVU2zpfc5gc88ARDJxTfUPirjoPsX

UPDATE: Because download link was deleted, you can use following information in order to check which version of minerd you have.
cpuminer-scrypt-jane-win32-themida.zip, 1 072 430 bytes, MD5: 140fbb3752bef03488213f42e2b723d8 contains:
libcurl-4.dll, 342 248 bytes, MD5: 68697def69624288de1aab316ad82943
minerd.exe, 803 186 bytes, MD5: 932e2bdc5c64d29d79cca201bc9430bf Protected version
minerd.exe.org, 332 658 bytes, MD5: 142cc0dcca5341c7d85695529425bd61 Original version
pthreadGC2.dll, 66 753 bytes, MD5: 256201d639f8a296ebbe84730c420272

If you have something else – it’s a not cpuminer-scrypt-jane-win32-themida.zip
Please don’t use this protected/not protected minerd until investigation will finish!

[1714099683]

1714099683

[BaronMcG]

caution, novirusthanks detects as trojan - and the sample distributed too just in case, we wouldnt want any skiddy crypters remaining useful.

http://vscan.novirusthanks.org/analysis/932e2bdc5c64d29d79cca201bc9430bf/bWluZXJkLWV4ZQ==/

[jayjay2244]

Uploads to virus total...... a few days later oh wait its suddenly getting detected. 

[BaronMcG]

i'd run it in a sandbox and give a better analysis but i've better things to do with my time personally i'd never trust anything just randomly posted on here or anywhere, deserves to be flagged just in case anyhow.

[MrWizard]

virustotal.com scores this "15 / 46"  i.e. if the 46 scan engines it uses 16 flagged this as malware.

It may or not be malware, but I call bullshit on being "antivirus friendly".

[anderl]

did anyone download this?

[Mushoz]

DO NOT DOWNLOAD THIS. INFECTED WITH A WALLET STEALER I THINK. Doesn't want to run with a process monitor running. Suspect as hell:

[testz]

It’s doesn’t run under process monitor because it’s protected by Themida Software Protection System: http://www.themida.com/themida.php
This protection also blocks different kind of debuggers, tracers, etc.
It’s only the protection; in the archive you have original (not protected minerd) minerd.exe.org, you can rename it to exe and run under process monitor.

[TheSwede75]

Many peoples get the problems with minerd and their antivirus software because antiviruses software detects BitCoinMiner trojan in the minerd.exe. Antivirus companies add this kind of “virus” because many botnets and malware software install different kind of miner modules and get profit from infected computers.

Here you can find antivirus friendly version of minerd:
https://mega.co.nz/#!shoxkb5b!DjiCAQBQ627TaW0oet1C7mvqM7Q2-2u-g4kDRHbniU4

It’s a regular version of minerd from: https://bitcointalk.org/index.php?topic=199517.msg2085725#msg2085725
protected by Themida Software Protection System: http://www.themida.com/themida.php

In archive you can also find original minerd.exe renamed to minerd.exe.org.
Enjoy!

If you find it’s useful my donation address: Y6zG9HVU2zpfc5gc88ARDJxTfUPirjoPsX

Yeah, lets all download your scammy ass keylogger from Mega.. damn you are retarded.

[TheSwede75]

Many peoples get the problems with minerd and their antivirus software because antiviruses software detects BitCoinMiner trojan in the minerd.exe. Antivirus companies add this kind of “virus” because many botnets and malware software install different kind of miner modules and get profit from infected computers.

Here you can find antivirus friendly version of minerd:
https://mega.co.nz/#!shoxkb5b!DjiCAQBQ627TaW0oet1C7mvqM7Q2-2u-g4kDRHbniU4

It’s a regular version of minerd from: https://bitcointalk.org/index.php?topic=199517.msg2085725#msg2085725
protected by Themida Software Protection System: http://www.themida.com/themida.php

In archive you can also find original minerd.exe renamed to minerd.exe.org.
Enjoy!

If you find it’s useful my donation address: Y6zG9HVU2zpfc5gc88ARDJxTfUPirjoPsX

Why would we need your donation address? That's where the BTC of anyone who downloads your trojan filled POS software goes automatically. Tool.

[nullbitspectre1848]

Can someone please confirm for me the file name of this download?

I have all my downloaded clients in a folder and want to see if I downloaded this one.

[anonynonanony]

Can someone please confirm for me the file name of this download?

I have all my downloaded clients in a folder and want to see if I downloaded this one.

I think the tell is in the filesize of minerd.exe

Is >700k not throwing up red flags for anyone else?

[ntkrnl]

i load it with ollydbg
it's not packed.............
so where is themida?

[nullbitspectre1848]

Can someone please confirm for me the file name of this download?

I have all my downloaded clients in a folder and want to see if I downloaded this one.

I think the tell is in the filesize of minerd.exe

Is >700k not throwing up red flags for anyone else?

What I mean is I need the actual download file name, the zip file name.

I have a cpuminer-scrypt-jane-win32.zip, I need to confirm if this is the name of the zip file or if it is cpuminer-scrypt-jane-win32-themida.zip as posted in another thread.

Any help would be greatly appreciated.

[anonynonanony]

for what its worth, protecting the compiled 32bit minerd that is shown in the screenshot (325kb) with themida32 gives you an executable of ~850kb, not 785kb.  I've "protected" the file 10 times, and only the size only differs by a few k each time.  thoughts?

[seleme]

virustotal.com scores this "15 / 46"  i.e. if the 46 scan engines it uses 16 flagged this as malware.

It may or not be malware, but I call bullshit on being "antivirus friendly".

Virustotal detects some 35 "viruses" on original pooler's miner.

[testz]

Can someone please confirm for me the file name of this download?

I have all my downloaded clients in a folder and want to see if I downloaded this one.

cpuminer-scrypt-jane-win32-themida.zip, 1072430 bytes, MD5: 140fbb3752bef03488213f42e2b723d8 contains:
libcurl-4.dll, 342248 bytes, MD5: 68697def69624288de1aab316ad82943
minerd.exe, 803186 bytes, MD5: 932e2bdc5c64d29d79cca201bc9430bf
minerd.exe.org, 332658 bytes, MD5: 142cc0dcca5341c7d85695529425bd61
pthreadGC2.dll, 66753 bytes, MD5: 256201d639f8a296ebbe84730c420272

If you have something else – it’s a not cpuminer-scrypt-jane-win32-themida.zip