Bitcoin Forum
July 05, 2024, 06:20:55 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
Pages: « 1 2 [3] 4 »  All
Author Topic: SCAM alert! The coin creator software by Xevox is a wallet stealer!  (Read 3659 times)
jukka (OP), Sr. Member (Activity: 259, Merit: 250)
May 09, 2014, 05:51:46 PM  #41

Why not? The program takes multiple files from the user's computer and uploads them to a remote FTP; that seems pretty malicious to me, or at least warrants a BIG RED warning to the user:
"This program will try to upload your files to a remote FTP; if this is not the desired behavior, don't fucking run it".

So, any software that has libraries to access FTP (browsers, FTP clients, file uploaders, Dropbox clones, HTML editors) will be detected as a virus?
This is social engineering; only a human can detect it.
Next time the OP will install a good firewall like this http://www.sphinx-soft.com/Vista/order.html or run unknown software in a virtual machine.

But applications which upload wallets could at least be warned about! It is not normal for applications to upload wallet files! If AV cannot detect this, how can anybody trust a single wallet?

Regarding the FW, is the free version enough for a regular user?
Forexperiments, Sr. Member (Activity: 259, Merit: 250)
May 09, 2014, 05:58:36 PM  #42

But applications which upload wallets could at least be warned about!

From a computer's point of view, the wallet is just a file.
Suppose you want to copy the wallet to another computer: is this a legitimate action, or is it a virus?
How can an antivirus make such decisions? What an AV does is just compare it to a known list of malware, or detect something suspicious, like editing critical files or placing itself in autorun.

Bitcoin and cryptocurrency T-shirts and stickers, free shipping in Italy
xux99, Full Member (Activity: 140, Merit: 100)
May 09, 2014, 06:08:19 PM  #43

For those who would like to examine the virus, here is a link to the original file. Please don't run CoinGen.exe.

jukka (OP), Sr. Member (Activity: 259, Merit: 250)
May 09, 2014, 06:14:39 PM  #44

When I scanned it with VirusTotal, it reported 1 red flag.

Well, that goes to show that you cannot trust VirusTotal. Last time I trust that bitch.

VT is junk. Upload to malwr and you would have seen very clearly.
Common sense would have been the best defense though.

Tested this and here is the result, so that could not have helped either!

    Error: Analysis failed: The package "modules.packages.exe" start function raised an error: Unable to execute initial process, analysis aborted

File Details
File Name: CoinGen.exe
File Size: 500736 bytes
File Type: PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: c2ab580d501cbc47d5cebd920abb2e84
SHA1: bf990585b666e8dc0084aa6ef079e14c747e002e
SHA256: dab61b5f3270ca9b72540a29b1f7777e147fb543a4e87cc33378dafcafb20ccf
SHA512: 6fbe68e3c64e81029bfa1de8beaefed9cca7b6a5c735ec339419b5addac9363773cd159b325d317b3c94bade9d4b834844872bdf6cd2fb3b08b863897bb89778
CRC32: B5DA53E1
Ssdeep: 12288:gzn45Ov0iZJxBy18nBHhfivB8HGEBzkSyD2k/kwHlbjaqOwr4b9JBQ2Y6MCIaZf2:5
Yara: None matched
jukka (OP), Sr. Member (Activity: 259, Merit: 250)
May 09, 2014, 06:28:40 PM  #45

But applications which upload wallets could at least be warned about!

From a computer's point of view, the wallet is just a file.
Suppose you want to copy the wallet to another computer: is this a legitimate action, or is it a virus?
How can an antivirus make such decisions? What an AV does is just compare it to a known list of malware, or detect something suspicious, like editing critical files or placing itself in autorun.

Ok, I (CLEARLY) :) am not an expert in this area :)

What about this other question I had regarding the product you proposed:

Regarding the FW, is the free version enough for a regular user?
Amph, Legendary (Activity: 3206, Merit: 1069)
May 09, 2014, 06:29:38 PM  #46

I'll never understand these morons. He did all that work for 1 Litecoin. If he actually directed his energy towards something good, he could've made way more money with those programming skills. And now he's going to hell, if there is a hell.

He can just make another AKA and create a client with a wallet stealer, which is even worse.
jukka (OP), Sr. Member (Activity: 259, Merit: 250)
May 09, 2014, 06:43:17 PM  #47

I'll never understand these morons. He did all that work for 1 Litecoin. If he actually directed his energy towards something good, he could've made way more money with those programming skills. And now he's going to hell, if there is a hell.

Hey! It was my precious litecoin you are now talking about! :)

But honestly, he could have had more if he had not become greedy and asked BTC for the application, and yes, I also like to think that maybe I helped somebody by telling about this and decompiling the code.

However, some people, even in this thread, have been attacking me for opening this thread (and yes, also for requesting a little donation (haven't got anything though)). It looks like in this forum it is ok to just beg for coins in some thread but not to ask for a donation if you have lost something and by doing that maybe helped others!

It really makes me sad!
Xelpherpolis, Sr. Member (Activity: 476, Merit: 250)
May 09, 2014, 07:06:13 PM  #48

I think the FTP password changed, sadly; it would be interesting to see what is stored on the scammer's account.
jukka (OP), Sr. Member (Activity: 259, Merit: 250)
May 09, 2014, 07:11:39 PM  #49

I think the FTP password changed, sadly; it would be interesting to see what is stored on the scammer's account.

I know the LTC address the fucker is using but I think that I will keep that as my little secret. God damn, a whole pint of beer! That is robbery!
drippx, Sr. Member (Activity: 539, Merit: 250)
May 09, 2014, 07:29:44 PM  #50

When I scanned it with VirusTotal, it reported 1 red flag.

Well, that goes to show that you cannot trust VirusTotal. Last time I trust that bitch.

You do know that VirusTotal scans with 52 antivirus engines, so if you can't trust VirusTotal you can't trust any virus protection software made.

Best to use new shady software on a computer separate from your main system.
var53, Sr. Member (Activity: 345, Merit: 250)
May 09, 2014, 07:34:43 PM  #51

For those who would like to examine the virus, here is a link to the original file. Please don't run CoinGen.exe.

Thanks for uploading this file so we can have a look at it for ourselves.
Forexperiments, Sr. Member (Activity: 259, Merit: 250)
May 10, 2014, 07:11:58 AM  #52

What about this other question I had regarding the product you proposed:

Regarding the FW, is the free version enough for a regular user?

Yes.
It will ask your permission to access the internet for ANY application on your PC (hence, for the first two weeks it is extremely annoying, as it will ask for ANY app, even system apps).
bodiun, Newbie (Activity: 28, Merit: 0)
May 10, 2014, 07:29:04 AM  #53

Thank you for reminding me.
I will be away from this coin, thank you.
jukka (OP), Sr. Member (Activity: 259, Merit: 250)
May 10, 2014, 07:34:02 PM  #54

What about this other question I had regarding the product you proposed:

Regarding the FW, is the free version enough for a regular user?

Yes.
It will ask your permission to access the internet for ANY application on your PC (hence, for the first two weeks it is extremely annoying, as it will ask for ANY app, even system apps).

Ok, I will check that! Thanks!
PereguineBerty, Member (Activity: 109, Merit: 35)
May 10, 2014, 09:25:05 PM  #55

jukka - gotta say you've done a great job with exposing this fraudster.

A lot of people wouldn't have been able to notice what you did and you've likely saved many people from losing a lot of money. Credit where credit is due!!!

jukka (OP), Sr. Member (Activity: 259, Merit: 250)
May 11, 2014, 02:40:14 PM  #56

jukka - gotta say you've done a great job with exposing this fraudster.

A lot of people wouldn't have been able to notice what you did and you've likely saved many people from losing a lot of money. Credit where credit is due!!!

Thank you! I really appreciate it!
milly6, Legendary (Activity: 1632, Merit: 1010)
May 11, 2014, 03:05:53 PM  #57

The funny part is that people come and post "these scumbags!" and stuff, but in reality at least 1 of these people commenting is a thief too, if not more.

Eyes open, No Fear. Be Safe! Trinity: Currency Without Bias
kokojie, Legendary (Activity: 1806, Merit: 1003)
May 16, 2014, 01:13:58 AM  #58

Why not? The program takes multiple files from the user's computer and uploads them to a remote FTP; that seems pretty malicious to me, or at least warrants a BIG RED warning to the user:
"This program will try to upload your files to a remote FTP; if this is not the desired behavior, don't fucking run it".

So, any software that has libraries to access FTP (browsers, FTP clients, file uploaders, Dropbox clones, HTML editors) will be detected as a virus?
This is social engineering; only a human can detect it.
Next time the OP will install a good firewall like this http://www.sphinx-soft.com/Vista/order.html or run unknown software in a virtual machine.

Not detected as a virus, but just pop up a warning; then the user will know if the program is doing what it is supposed to do. A firewall is basically the same thing: it will pop up a warning when the program first tries to upload something. The downside to a firewall is that it only works when the program has already run, and the firewall could fail to work, while scanning can be done without executing the program.

btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
Forexperiments, Sr. Member (Activity: 259, Merit: 250)
May 16, 2014, 08:02:54 AM  #59

While scanning can be done without executing the program.

Did you see the code? With such simple code, the antivirus would report 95% of software as suspicious, and users will click "run anyway" without reading.
About warnings, since he is using Windows, the OP totally ignored the Microsoft SmartScreen warning saying that this is an untrusted app from the internet.
Do you think that another warning, which would appear when running almost every app downloaded from the net, would have been more effective?

And also, don't forget that the app is compiled; would you accept a delay of 3-4 seconds in opening every app because the AV has to check if the decompiled code is "safe"? (And it must also check in the future, against tampering.)
kokojie, Legendary (Activity: 1806, Merit: 1003)
May 16, 2014, 02:17:18 PM  #60

While scanning can be done without executing the program.

Did you see the code? With such simple code, the antivirus would report 95% of software as suspicious, and users will click "run anyway" without reading.
About warnings, since he is using Windows, the OP totally ignored the Microsoft SmartScreen warning saying that this is an untrusted app from the internet.
Do you think that another warning, which would appear when running almost every app downloaded from the net, would have been more effective?

And also, don't forget that the app is compiled; would you accept a delay of 3-4 seconds in opening every app because the AV has to check if the decompiled code is "safe"? (And it must also check in the future, against tampering.)

95% of software does not upload your local files to a remote FTP, so it won't trigger this warning.

I was talking about scanning the file without executing it. The "run time scanner" doesn't have to be this thorough, but there's no reason the regular scanner can't spend the time to decompile and warn. I think most people would depend on the "regular scanner" to scan unknown files; they don't usually just execute unknown files from the Internet and pray the "run time scanner" can intercept bad things.
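The hash listing in post #44 and the scanning debate in posts #58 to #60 both turn on what a defender can learn from a file without running it. As an added example, not code from the thread or from any of its posters, this Python script first compares a file's digests against the CoinGen.exe hashes posted above, and only if they do not match searches the binary for the FTP-upload plus wallet-path string combination that kokojie argues a pre-execution scanner could warn on, while treating FTP strings alone as benign, which is Forexperiments' objection. The indicator strings, the sample bytes and the verdict labels are assumptions constructed for this example, not strings taken from the real sample; the UTF-16LE check is there because .NET string literals are stored in that encoding.

```python
"""Offline triage of a suspicious .NET executable, in two steps:
1. hash the file and compare against the CoinGen.exe digests posted in the thread;
2. if unknown, search the binary for the FTP-upload + wallet-file string
   combination that the posts argue a scanner could flag without running it.
"""
import hashlib

# Digests of the CoinGen.exe sample exactly as posted in the thread (post #44).
KNOWN_BAD_HASHES = {
    "md5": "c2ab580d501cbc47d5cebd920abb2e84",
    "sha1": "bf990585b666e8dc0084aa6ef079e14c747e002e",
    "sha256": "dab61b5f3270ca9b72540a29b1f7777e147fb543a4e87cc33378dafcafb20ccf",
}

# Indicator strings are an assumption about what a wallet stealer written in .NET
# would contain (FTP client API names, wallet paths); they are not strings taken
# from the real sample.
FTP_INDICATORS = (b"ftp://", b"FtpWebRequest", b"WebRequestMethods.Ftp", b"UploadFile")
WALLET_INDICATORS = (b"wallet.dat", b"APPDATA", b"Bitcoin", b"Litecoin")


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of the file contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_known_bad(data: bytes) -> set:
    """Names of the algorithms whose digest matches the posted sample (empty if none)."""
    digests = hash_bytes(data)
    return {alg for alg, h in digests.items() if KNOWN_BAD_HASHES[alg] == h}


def find_indicators(data: bytes, indicators) -> list:
    """Return the indicators present in the binary, checking both ASCII and
    UTF-16LE, since .NET string literals live in the #US heap as UTF-16LE."""
    found = []
    for ind in indicators:
        if ind in data or ind.decode("ascii").encode("utf-16-le") in data:
            found.append(ind.decode("ascii"))
    return found


def triage(data: bytes) -> dict:
    """Static verdict: known-bad by hash, suspicious (FTP + wallet strings),
    ftp-capable (FTP strings only, e.g. a browser or FTP client), or no-indicators."""
    known = matches_known_bad(data)
    ftp = find_indicators(data, FTP_INDICATORS)
    wallet = find_indicators(data, WALLET_INDICATORS)
    if known:
        verdict = "known-bad"
    elif ftp and wallet:
        verdict = "suspicious"   # the combination the thread argues a scanner should warn on
    elif ftp:
        verdict = "ftp-capable"  # FTP use alone is not malicious (browsers, FTP clients)
    else:
        verdict = "no-indicators"
    return {"verdict": verdict, "hash_matches": sorted(known), "ftp": ftp,
            "wallet": wallet, "sha256": hash_bytes(data)["sha256"]}


# Constructed stand-ins for real executables (not the sample from the thread):
# a benign FTP client that only talks FTP, and a stealer-like binary that
# references both the FTP API and a wallet path, with strings in UTF-16LE.
BENIGN_FTP_CLIENT = b"MZ\x90\x00" + "Uploading to ftp://example.invalid/".encode("utf-16-le")
STEALER_LIKE = (b"MZ\x90\x00"
                + "FtpWebRequest".encode("utf-16-le") + b"\x00\x00"
                + "%APPDATA%\\Litecoin\\wallet.dat".encode("utf-16-le"))

if __name__ == "__main__":
    for name, blob in (("benign FTP client", BENIGN_FTP_CLIENT), ("stealer-like", STEALER_LIKE)):
        print(name, "->", triage(blob))
```

To triage a real file, call `triage(open(path, "rb").read())`. A string heuristic like this is cheap enough for the "regular scanner" pass the posts describe, but it is defeated by string obfuscation or by loading the FTP code at runtime, which is why the hash comparison runs first and why a firewall prompt at upload time remains a useful second layer.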