
Topic: The BEST Bitcoin price ticker widget for Windows PC. (Recommend) - page 4. (Read 22678 times)

member
Activity: 210
Merit: 11
New exchange announcement.

BitcoinTrade Exchange



A Brazilian leading cryptocurrency exchange.
Security, Trust, Agility.
Security for buying Bitcoin, Ethereum, Ripple and Litecoin.
Brazilian Real (BRL, R$) supported.

Check it out on http://bittab.io/
member
Activity: 210
Merit: 11

Thank you for your request! We will start to check it soon!
member
Activity: 210
Merit: 11

Any plans on adding Bitmex to the list?

Finally! BitMEX on the BitTab! Please enjoy.
legendary
Activity: 2758
Merit: 6830
member
Activity: 210
Merit: 11
New exchange announcement.

BitMEX Exchange



Up to 100x leverage.
Trading without expiry dates.
Industry-leading security.

Check it out on http://bittab.io/
member
Activity: 210
Merit: 11
New exchange announcement.

Bitso Exchange



1. Fund your account wherever you are.
2. Send and receive money between your account and your bank.
3. Bitso keeps your funds safe with the best processes and the most effective technology.
4. All of the wallets are multi-signature, meaning maximum security for your cryptos.

Check it out on http://bittab.io/
member
Activity: 210
Merit: 11
New exchange announcement.

Omgfin Exchange



Omgfin is the pioneer in building a trading system for digital assets focused on young investors and social network.
By connecting with professional investors, the goal is to bring together a community of traders who share experiences and help each other achieve their individual profit goals.

Check it out on http://bittab.io/
member
Activity: 210
Merit: 11
New update!


* You can watch the prices on the list without any widgets showing (bar or box widget)
* Improved Japanese and Korean translation
* Slightly faster retrieval


* Official support for Euro. (Previously, only USD was supported)
 - BitTab automatically converts crypto prices to EUR or USD
* Supports rounding off decimals: crypto price and fiat currency
* Supports international decimal symbols (radix) :  . (period) and , (comma)






The only and decent way to watch your coin prices on Windows desktop.
Easy, safe, powerful and intuitive.



For more : https://bittab.io
Original article: https://bitcointalksearch.org/topic/the-best-bitcoin-price-ticker-widget-for-windows-pc-recommend-4679957
member
Activity: 210
Merit: 11
Thank you for the post, but I still have concerns: if you look at the report, the MITRE score is through the roof and it's showing hooking into other parts of the system.
The Avast whitelist program is useless; any script kid with $50 can buy a fully encrypted virus that won't be detected by Avast and by 99.5% of the AVs on VirusTotal.

Can you further explain the following information, as you did not post the source code to your application? In the crypto space being open is key, and hybrid-analysis is very rarely wrong.

Code:
Spyware Found a string that may be used as part of an injection method
Persistence Writes data to a remote process
Fingerprint
Queries process information
Queries sensitive IE security settings
Queries the internet cache settings (often used to hide footprints in index.dat or internet cache)
Reads the active computer name
Reads the cryptographic machine GUID
Evasive
Marks file for deletion
Tries to sleep for a long time (more than two minutes)

Queries sensitive IE security settings

Registry Access

The analysis extracted a file that was identified as malicious

1/94 Antivirus vendors marked dropped file "BitTabSetup2.1b.2.tmp" as malicious (classified as "W32.Neshta.D")

https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~Neshta-A/detailed-analysis.aspx

[b]System Security
[/b]
Contains ability to elevate privileges

[email protected] at 15503-5232-00409408

[b]Modifies proxy settings[/b]

"BitTab.exe" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
"BitTab.exe" (Access type: "DELETEVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")

Queries sensitive IE security settings

"BitTab.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY"; Key: "DISABLESECURITYSETTINGSCHECK")


I suspect this is dropping some form of spyware onto the machine; the bounce back for one of them is the following:
https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~Neshta-A/detailed-analysis.aspx

There is also anti-sandbox and anti-debugger work in there, which leads me to believe this has something more packed inside.

The detections in the report are not just from taskkill but from BitTab and the tmp files it's creating.




Thank you for your sincere concern. As you know, the file is 'packed' by an installer and compressed with the LZMA algorithm. It is a 'self-extracting' file that generates a '.tmp' temporary file as an essential procedure of the InnoSetup solution. We do not know how to interpret [Code:] and it seems to be very simplified.
Our answer is as follows:


Before the explanation,
* BitTab's 'bar' and 'box' widgets are 'Internet Explorer Browser' based, which means that while running BitTab.exe, interactions with Internet Explorer and related processes and DLLs are required, and it's not suspicious at all.
* BitTab uses, of course, Windows APIs for detecting monitor size to dock the bar, for making the app 'run at start' by modifying the registry (it's really a common thing), for generating shortcut links, for detecting the time zone and language of the OS, for updating exchange info from the internet (downloading), for checking whether it is the latest version (accessing the internet), for making a window semi-transparent or topmost, for disabling the clicking sound of the innate Internet Explorer by using native DLLs, and so on.
* Your statement "hybrid-analysis is very rarely wrong." seems to need a reference, because there are official and well-known software packages (but not corporation scale) which are reported to be Suspicious, meaning false positives also seem prevalent.
- PuTTY: https://www.hybrid-analysis.com/sample/2034e4697dd92f942d93288c7ccb4ef32985f180e955e7b5d9e29f8fb48139fe
- CrystalDiskMark : https://www.hybrid-analysis.com/sample/cc6c578a386db391f88df4acbf0217c17e00a2f5158392716ce3ad23993dd449
- CCleaner : https://www.hybrid-analysis.com/sample/ea2b0fe19acc526f8c634fe933f63b7f2a1911a27a74dc2d87a5ea6ac4a8f2b3


1. Terminates other processes using tskill/taskkill
Process "taskkill.exe" with commandline "/f /im "BitTab.exe"" (Show Process)
relevance 9/10
=> Hybrid-analysis considered it a KEY (or Core) relevance because it took a 9 out of 10 score for declaring it as malware.
However, as answered above fairly clearly, "taskkill.exe" is a 'native' Microsoft Windows application for various uses, and we only utilize it to terminate 'our app: bittab.exe' to force an update to a newer version of BitTab.exe.


2. External Systems
1/37 Antivirus vendors marked sample as malicious (2% detection rate)
relevance 8/10
=> It is also responsible for an 8/10 score. We think it is due to the 'heuristic scanning' feature, which means the anti-virus did NOT clearly analyze the file but rather 'suspected' it because of 'taskkill' or something like that, maybe.
Unfortunately, we could not track which anti-virus engine reported it as a virus. If we knew, we would send a report to them for 'precise scrutinization', and we do expect a positive answer.
As we and you mentioned above, we have a report with a 'perfectly clean' result.
https://www.virustotal.com/gui/file/d24057f9965dcf819c4c8e55b461f1231e8a6916f3fc081c6dcae646a5f624f5/detection
If you cannot believe it because of the '$50 solution' thing, we would provide more information if you want and if available.
We think it could partially answer this 'external systems' analysis. Also, please note that VirusTotal consists of 71 engines while Hybrid-analysis consists of 37 engines.


3. The analysis extracted a file that was identified as malicious
1/94 Antivirus vendors marked dropped file "BitTabSetup2.1b.2.tmp" as malicious (classified as "W32.Neshta.D" with 1% detection rate)
1/94 Antivirus vendors marked spawned process "BitTabSetup2.1b.2.tmp" (PID: 2876) as malicious (classified as "W32.Neshta.D" with 1% detection rate)
relevance 10/10
=> This is a difficult part because we don't know anything about such malware and were never related to it. For the technical things, Sophos says "When W32/Neshta-A is installed the following files are created:\svchost.com" but BitTab never does it.
Also, if that 'W32.Neshta.D' is detected by only a single engine while other anti-viruses did not detect it, it can also be interpreted as a false positive for that one engine. Either that engine went wrong, or tens of other engines failed to detect an already reported threat. Which one do you think is the more convincing and possible explanation?
You provided the link https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~Neshta-A/detailed-analysis.aspx and none of them are being executed by either the installer or BitTab.exe itself. It says "The file directx.sys in the Windows folder is updated with the path of the last infected file to be run." but we don't even know what directx.sys is for.



4. Installation/Persistance
Allocates virtual memory in a remote process
"BitTabSetup2.1b.2.tmp" allocated memory in "\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer"
"BitTabSetup2.1b.2.tmp" allocated memory in "%PUBLIC%\Desktop\BitTab.lnk"
relevance 7/10
=> Our setup program makes a shortcut icon on the Desktop and accesses the Explorer registry to disable the 'clicking' sound in Windows 7 (you know the sound).

5. Writes data to a remote process
"BitTabSetup2.1b.2.exe" wrote 1500 bytes to a remote process "%TEMP%\is-E7TPH.tmp\BitTabSetup2.1b.2.tmp" (Handle: 204)
"BitTabSetup2.1b.2.exe" wrote 4 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\is-E7TPH.tmp\BitTabSetup2.1b.2.tmp" (Handle: 204)
"BitTabSetup2.1b.2.exe" wrote 8 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\is-E7TPH.tmp\BitTabSetup2.1b.2.tmp" (Handle: 204)
"BitTabSetup2.1b.2.exe" wrote 32 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\is-E7TPH.tmp\BitTabSetup2.1b.2.tmp" (Handle: 204)
"BitTabSetup2.1b.2.exe" wrote 52 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\is-E7TPH.tmp\BitTabSetup2.1b.2.tmp" (Handle: 204)
"BitTabSetup2.1b.2.tmp" wrote 32 bytes to a remote process "C:\Windows\SysWOW64\taskkill.exe" (Handle: 528)
"BitTabSetup2.1b.2.tmp" wrote 52 bytes to a remote process "C:\Windows\SysWOW64\taskkill.exe" (Handle: 528)
"BitTabSetup2.1b.2.tmp" wrote 4 bytes to a remote process "C:\Windows\SysWOW64\taskkill.exe" (Handle: 528)
"BitTabSetup2.1b.2.tmp" wrote 8 bytes to a remote process "C:\Windows\SysWOW64\taskkill.exe" (Handle: 528)
"BitTabSetup2.1b.2.tmp" wrote 32 bytes to a remote process "C:\Program Files (x86)\BitTab\BitTab.exe" (Handle: 732)
"BitTabSetup2.1b.2.tmp" wrote 52 bytes to a remote process "C:\Program Files (x86)\BitTab\BitTab.exe" (Handle: 732)
"BitTabSetup2.1b.2.tmp" wrote 4 bytes to a remote process "C:\Program Files (x86)\BitTab\BitTab.exe" (Handle: 732)
"BitTabSetup2.1b.2.tmp" wrote 8 bytes to a remote process "C:\Program Files (x86)\BitTab\BitTab.exe" (Handle: 732)
relevance 6/10
=> Okay, this is the same thing: make a temporary file for installing, use taskkill.exe to terminate the running 'bittab.exe' if it exists, and overwrite bittab.exe with the newer one.

6. Checks for a resource fork (ADS) file
"BitTab.exe" checked file "C:"
relevance 5/10
=> As you can see in https://en.wikipedia.org/wiki/NTFS#Alternate_data_streams_(ADS), it is not malicious behavior.
"Very small ADS (named "Zone.Identifier") are added by Internet Explorer ... the local shell would then require user confirmation before opening them."
This is a familiar thing. After the first download from the internet, you have to confirm before running. And it is more strict if the file is not a 'world wide popular' one, like this small software.

7. Contains ability to reboot/shutdown the operating system
[email protected] (Show Stream)
[email protected] (Show Stream)
[email protected] from BitTabSetup2.1b.2.tmp (PID: 2876) (Show Stream)
relevance 5/10
=> Okay, this installer has the ability to 'reboot' if a core file like BitTab.exe cannot be updated at that time. This is common for any other installer.
Honestly, we don't understand why this 'ability' takes a 5/10 malicious behavior score.

8. Contains native function calls
[email protected] from BitTabSetup2.1b.2.tmp (PID: 2876) (Show Stream)
[email protected] from BitTabSetup2.1b.2.tmp (PID: 2876) (Show Stream)
relevance 5/10
=> Here is a link explaining what NTDLL.DLL is: https://en.wikipedia.org/wiki/Microsoft_Windows_library_files#NTDLL.DLL
We think this NTDLL report is related to Windows Explorer.


This is a long answer and we put effort into explaining in detail that this is a false positive. We hope our explanation could answer your questions.
If any others exist, please let us know.

As you mentioned, being open in such a cryptocurrency environment is nice, and that is why we are answering things. But it might be understandable that this kind of software can also be not open-sourced. Plus, you probably agree that those kinds of tools are 'tools', not a responsible judge.

And we do hope this long and technical text does not seem scary.
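One way to triage the "Writes data to a remote process" lines discussed in item 5 of the reply above, as an added example that is not part of the original posts or of BitTab's code: it groups the writes by writer and target and marks whether the target is a process the writer itself started (process creation also produces such writes) or an unrelated one. The `SPAWNED` process tree is an assumption to be replaced from the report's own process tree, and the `sample.exe` line is constructed.

```python
import ntpath
import re
from collections import defaultdict

# A subset of the lines from the sandbox excerpt quoted in the reply above.
REPORT_LINES = r'''
"BitTabSetup2.1b.2.exe" wrote 1500 bytes to a remote process "%TEMP%\is-E7TPH.tmp\BitTabSetup2.1b.2.tmp" (Handle: 204)
"BitTabSetup2.1b.2.exe" wrote 4 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\is-E7TPH.tmp\BitTabSetup2.1b.2.tmp" (Handle: 204)
"BitTabSetup2.1b.2.tmp" wrote 32 bytes to a remote process "C:\Windows\SysWOW64\taskkill.exe" (Handle: 528)
"BitTabSetup2.1b.2.tmp" wrote 52 bytes to a remote process "C:\Windows\SysWOW64\taskkill.exe" (Handle: 528)
"BitTabSetup2.1b.2.tmp" wrote 32 bytes to a remote process "C:\Program Files (x86)\BitTab\BitTab.exe" (Handle: 732)
'''

# Constructed line (not from the report): a write into a process the writer did not start.
CONSTRUCTED_FOREIGN = r'"sample.exe" wrote 4096 bytes to a remote process "C:\Windows\explorer.exe" (Handle: 900)'

# Assumption: parent -> children, to be filled in from the report's process tree.
SPAWNED = {
    "bittabsetup2.1b.2.exe": {"bittabsetup2.1b.2.tmp"},
    "bittabsetup2.1b.2.tmp": {"taskkill.exe", "bittab.exe"},
}

WRITE_RE = re.compile(
    r'^"(?P<writer>[^"]+)" wrote (?P<size>\d+) bytes to a remote process '
    r'"(?P<target>[^"]+)" \(Handle: (?P<handle>\d+)\)$'
)


def parse_writes(text):
    """Return (writer, size, target_path, handle) for every matching report line."""
    events = []
    for line in text.splitlines():
        m = WRITE_RE.match(line.strip())
        if m:
            events.append((m["writer"], int(m["size"]), m["target"], int(m["handle"])))
    return events


def triage(events, spawned):
    """Group writes per (writer, target image name) and label the relationship."""
    pairs = defaultdict(lambda: {"writes": 0, "bytes": 0, "largest": 0})
    for writer, size, target, _handle in events:
        # ntpath handles Windows paths regardless of the OS running this script.
        key = (writer.lower(), ntpath.basename(target).lower())
        pairs[key]["writes"] += 1
        pairs[key]["bytes"] += size
        pairs[key]["largest"] = max(pairs[key]["largest"], size)
    result = {}
    for (writer, target), stats in pairs.items():
        relation = "own-child" if target in spawned.get(writer, set()) else "foreign"
        result[(writer, target)] = dict(stats, relation=relation)
    return result


if __name__ == "__main__":
    events = parse_writes(REPORT_LINES + CONSTRUCTED_FOREIGN)
    for pair, info in triage(events, SPAWNED).items():
        print(pair, info)
```

An `own-child` label narrows the question rather than settling it: compare the byte counts with what process start-up needs, and follow up on any `foreign` pair first.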
hero member
Activity: 1220
Merit: 612
OGRaccoon
Thank you for the post, but I still have concerns: if you look at the report, the MITRE score is through the roof and it's showing hooking into other parts of the system.
The Avast whitelist program is useless; any script kid with $50 can buy a fully encrypted virus that won't be detected by Avast and by 99.5% of the AVs on VirusTotal.

Can you further explain the following information, as you did not post the source code to your application? In the crypto space being open is key, and hybrid-analysis is very rarely wrong.

Code:
Spyware Found a string that may be used as part of an injection method
Persistence Writes data to a remote process
Fingerprint
Queries process information
Queries sensitive IE security settings
Queries the internet cache settings (often used to hide footprints in index.dat or internet cache)
Reads the active computer name
Reads the cryptographic machine GUID
Evasive
Marks file for deletion
Tries to sleep for a long time (more than two minutes)

Queries sensitive IE security settings

Registry Access

The analysis extracted a file that was identified as malicious

1/94 Antivirus vendors marked dropped file "BitTabSetup2.1b.2.tmp" as malicious (classified as "W32.Neshta.D")

https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~Neshta-A/detailed-analysis.aspx

[b]System Security
[/b]
Contains ability to elevate privileges

[email protected] at 15503-5232-00409408

[b]Modifies proxy settings[/b]

"BitTab.exe" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
"BitTab.exe" (Access type: "DELETEVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")

Queries sensitive IE security settings

"BitTab.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY"; Key: "DISABLESECURITYSETTINGSCHECK")


I suspect this is dropping some form of spyware onto the machine; the bounce back for one of them is the following:
https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~Neshta-A/detailed-analysis.aspx

There is also anti-sandbox and anti-debugger work in there, which leads me to believe this has something more packed inside.

The detections in the report are not just from taskkill but from BitTab and the tmp files it's creating.


member
Activity: 210
Merit: 11
https://www.hybrid-analysis.com/sample/d24057f9965dcf819c4c8e55b461f1231e8a6916f3fc081c6dcae646a5f624f5

Threat score of 85?
Not something you would normally see from something that has avast whitelist.

I'm going to go out on a limb and say this has some form of malware or spy-ware in it.

Code:
BitTabSetup2.1b.2.exe 
This report is generated from a file or URL submitted to this webservice on May 28th 2019 16:51:15 (CEST) and action script Heavy Anti-Evasion
Guest System: Windows 7 64 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v8.30 © Hybrid Analysis -  learn more

I would be cautious; there are still some warning signs on this software, see the above link.
If the developers would care to explain some of the strings in here for RPC and private keys
Spawned process:

taskkill.exe
Code:
243A6011
\RPC Control\ConsoleLPC-0x0000000000000D70-1710979711-555981891199312740717942630711054705465-1417213109-10361871071607272043
ContextLimit
Domain
EnableObjectValidation
EnablePrivateObjectHeap
Hostname
IdentifierLimit
Image Path
Log File Max Size
Logging
Logging Directory
MachineGuid
MaximumAllowedAllocationSize
ObjectLimit
PrivateKeyLifetimeSeconds



Dear MagicByt3

There are two things that we can clearly explain about it.

1. The warning you saw is related to "d24057f9965dcf819c4c8e55b461f1231e8a6916f3fc081c6dcae646a5f624f5", which is the installer's.
As mentioned, this installer and the files inside were scanned by VirusTotal with 71 world-wide anti-viruses and the result was clean. Plus, all the files have been inspected by the Avast Whitelist program and declared harmless.
The files inside are encapsulated and compressed by the InnoSetup ( http://www.jrsoftware.org/isinfo.php ) solution (which is very widely used), and this solution generates a temporary file like "BitTabSetup2.1b.2.tmp". Unfortunately, most 'small development' installers are easy targets for showing alerts to users even though they are not malware. That's because most anti-viruses do not trust unknown files in the first place and it's easier to show users 'dangerous' rather than 'we don't know'. Usually, those anti-viruses first suspect by 'heuristic algorithm' and require the user's agreement for running programs. They may prefer showing a false-positive alarm to showing "actually we don't know".

2. TaskKill.exe is not a suspicious file but rather an official and default native file in Microsoft Windows.
(about taskkill: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-xp/bb491009(v=technet.10) )
(official answer about users asking if it is a virus: https://answers.microsoft.com/en-us/windows/forum/windows_10-security-winpc/is-taskkillexe-a-virus/03e39f0c-f6e3-4730-9240-6e3cebd7f974 )
(disclosure of the code used in the InnoSetup installer: Exec(ExpandConstant('taskkill.exe'), '/f /im ' + '"' + 'BitTab.exe' + '"', '', SW_HIDE, ewWaitUntilTerminated, ResultCode); )

We use the 'native' TaskKill command to kill BitTab.exe when installing, to replace the 'running older version' of BitTab.exe with a newer one. That's all we use TaskKill for.

We explained in detail and we understand your concern. Unlike apps in the Appstore or Google Play, there is no way to distribute Windows software in that manner. (Windows 7 does not have the Windows Store, so we cannot publish BitTab as a Windows 10 Store app.)
If you still have 'something that feels uncomfortable', please let us know. We will be happy to answer that.

Thanks for your interest.

hero member
Activity: 1220
Merit: 612
OGRaccoon
https://www.hybrid-analysis.com/sample/d24057f9965dcf819c4c8e55b461f1231e8a6916f3fc081c6dcae646a5f624f5

Threat score of 85?
Not something you would normally see from something that has avast whitelist.

I'm going to go out on a limb and say this has some form of malware or spy-ware in it.

Code:
BitTabSetup2.1b.2.exe 
This report is generated from a file or URL submitted to this webservice on May 28th 2019 16:51:15 (CEST) and action script Heavy Anti-Evasion
Guest System: Windows 7 64 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v8.30 © Hybrid Analysis -  learn more

I would be cautious; there are still some warning signs on this software, see the above link.
If the developers would care to explain some of the strings in here for RPC and private keys
Spawned process:

taskkill.exe
Code:
243A6011
\RPC Control\ConsoleLPC-0x0000000000000D70-1710979711-555981891199312740717942630711054705465-1417213109-10361871071607272043
ContextLimit
Domain
EnableObjectValidation
EnablePrivateObjectHeap
Hostname
IdentifierLimit
Image Path
Log File Max Size
Logging
Logging Directory
MachineGuid
MaximumAllowedAllocationSize
ObjectLimit
PrivateKeyLifetimeSeconds

member
Activity: 210
Merit: 11
It is not working properly. Look at prices.
https://prnt.sc/nu71uj

I unchecked "Convert BTC to Satoshi(s)" setting but BNB price is still wrong.
https://prnt.sc/nu72hn

Dear Hexen-zz
Unfortunately, we could not reproduce the problem you wrote.

https://prnt.sc/nuh8j4

The settings look the same. We also tried it in several different environments.

If you are still in the same situation, please let us know via [email protected] for further and detailed instructions.
newbie
Activity: 36
Merit: 0
It is not working properly. Look at prices.
https://prnt.sc/nu71uj

I unchecked "Convert BTC to Satoshi(s)" setting but BNB price is still wrong.
https://prnt.sc/nu72hn
member
Activity: 210
Merit: 11

Any plans on adding Bitmex to the list?

As the Bitmex system is quite different from others, it is hard to implement in the near future. Thanks for your interest.
full member
Activity: 163
Merit: 100

Any plans on adding Bitmex to the list?
copper member
Activity: 12
Merit: 4
Pretty cool, the web version is great.
member
Activity: 210
Merit: 11
New exchange announcement.

Binance Jersey



Binance Jersey provides secure and reliable trading of the Euro (EUR) and British Pound (GBP) with Bitcoin (BTC) and Ethereum (ETH) with digital asset management services all over the world.

Check it out on http://bittab.io/
member
Activity: 210
Merit: 11
New exchange announcement.

VinDAX Exchange



VinDAX is The Cryptocurrency Exchange Foundation using the tools and resources that can increase traders' and investors' profit potential, performance and understanding.
By enhancing the experience and acknowledging a new wave of market participants, VinDAX removes the ‘house edge’. Entering the VinDAX exchange, our traders can be free from risky participation and can experience a new wave of market participants. Furthermore, through VinDAX's tools, resources and customizable interface, users can keep up with informed strategy and decision making.

Check it out on http://bittab.io/
member
Activity: 210
Merit: 11
This is really a great time for using BitTab!

Watch your 'uprising' cryptos on your own screen every moment.


The LARGEST database of exchanges and coins, the EASIEST way to watch the crypto prices, and has the MOST modernized design

the BEST crypto-ticker widget for Windows.





BitTab
https://bittab.io