Topic: BitBot Faucet Farmer - Malware Warning (Read 2461 times)

newbie
Activity: 42
Merit: 0
newbie
Activity: 23
Merit: 0
December 09, 2013, 07:32:10 PM
#4


Unfortunately it has come to my attention that my computer was infected and someone merged my tool with a "Remote Administration tool". Sorry for the inconvenience, I am going to take the program down until I fix the issue. I hope no damage was done.
newbie
Activity: 3
Merit: 0
December 09, 2013, 11:20:24 AM
#3
I don't see any reason why it shouldn't be a virus. Common sense: Don't download things that are supposed to give you money in return for nothing.

I know. It's always fun to see how they work, tho. Smiley
sr. member
Activity: 294
Merit: 250
December 09, 2013, 04:44:02 AM
#2
I don't see any reason why it shouldn't be a virus. Common sense: Don't download things that are supposed to give you money in return for nothing.
newbie
Activity: 3
Merit: 0
December 09, 2013, 02:49:49 AM
#1
I downloaded the file off: https://bitcointalk.org/index.php?topic=353317.20 -> malware://ge.tt/7b0tCb71/v/0
MD5SUM
\373a8c958464d1fb665755e9ea2500b4 *Downloads\\BitCoin Miner.exe

It is a self-extracting RAR archive (Proof)
Inside, there are several suspicious-looking files.
The VBS launched has this code inside:
Code:
CreateObject("WScript.Shell").Exec "cMegS.exe mzBrYaXnW.SIM"

cMegS.exe is a renamed AutoIt interpreter, and mzBrYaXnW.SIM is a script, padded with blank lines so it's not easily read.
Let's clean it up: >findstr ".." mzBrYaXnW.SIM>malware.au3

My AV software recognizes it as Win32/Injector.Autoit.YC

Besides doing some evil things, it decrypts and loads QTj.MUK...
Let's decrypt it -> https://www.virustotal.com/en/file/7d1d803aeb3f20310c3c1dfb3d09ee44c1c0593764e045a134dbc9561d80d569/analysis/1386574798/


TL;DR - User x55xx77 at https://bitcointalk.org/index.php?topic=353317.20 is distributing malware
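The triage steps above (pull the launched command out of the VBS, strip the blank-line padding the same way `findstr ".."` does, and flag a dropped executable that is really an AutoIt interpreter), as an added Python example that is not from the original post. The sample VBS line and padded script are constructed stand-ins, and the AutoIt marker strings are an assumed heuristic, not something the post states.

```python
import re

# Constructed stand-in for the dropped VBS launcher quoted in the post.
SAMPLE_VBS = 'CreateObject("WScript.Shell").Exec "cMegS.exe mzBrYaXnW.SIM"\r\n'

# Constructed stand-in for the padded script: a few real lines buried in blank lines.
SAMPLE_PADDED = "\n" * 40 + "$a = 'payload'\n" + "\n" * 25 + "Run($a)\n" + "\n" * 10

# Matches the WScript.Shell Exec/Run pattern seen in the dropper.
EXEC_RE = re.compile(r'CreateObject\("WScript\.Shell"\)\.(?:Exec|Run)\s*"([^"]+)"', re.I)

# Assumed heuristic: strings commonly found in the AutoIt interpreter / compiled scripts.
AUTOIT_MARKERS = (b"AutoIt v3", b"AU3!EA06")


def launched_command(vbs_text):
    """Return (program, argument) from the WScript.Shell call, or None if absent."""
    m = EXEC_RE.search(vbs_text)
    if not m:
        return None
    parts = m.group(1).split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def strip_padding(text):
    """Same effect as `findstr ".." file`: keep only lines with at least two characters."""
    return [ln for ln in text.splitlines() if len(ln.rstrip("\r")) >= 2]


def padding_ratio(text):
    """Fraction of blank lines; a script that is mostly padding is a triage signal."""
    lines = text.splitlines()
    if not lines:
        return 0.0
    blank = sum(1 for ln in lines if not ln.strip())
    return blank / len(lines)


def looks_like_autoit(data):
    """True if the binary carries one of the assumed AutoIt marker strings."""
    return any(marker in data for marker in AUTOIT_MARKERS)


if __name__ == "__main__":
    print("launcher runs:", launched_command(SAMPLE_VBS))
    print("padding ratio: %.2f" % padding_ratio(SAMPLE_PADDED))
    print("cleaned script:", strip_padding(SAMPLE_PADDED))
```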