Topic: [YAC] Antivirus friendly minerd for Windows (Read 6186 times)

legendary
Activity: 1764
Merit: 1018
Can someone please confirm for me the file name of this download?

I have all my downloaded clients in a folder and want to see if I downloaded this one.

cpuminer-scrypt-jane-win32-themida.zip, 1072430 bytes, MD5: 140fbb3752bef03488213f42e2b723d8 contains:
libcurl-4.dll, 342248 bytes, MD5: 68697def69624288de1aab316ad82943
minerd.exe, 803186 bytes, MD5: 932e2bdc5c64d29d79cca201bc9430bf
minerd.exe.org, 332658 bytes, MD5: 142cc0dcca5341c7d85695529425bd61
pthreadGC2.dll, 66753 bytes, MD5: 256201d639f8a296ebbe84730c420272

If you have something else – it’s not cpuminer-scrypt-jane-win32-themida.zip
legendary
Activity: 2772
Merit: 1028
Duelbits.com
virustotal.com scores this "15 / 46" i.e. of the 46 scan engines it uses 16 flagged this as malware.

It may or may not be malware, but I call bullshit on being "antivirus friendly".

Virustotal detects some 35 "viruses" on original pooler's miner.
newbie
Activity: 28
Merit: 0
for what it's worth, protecting the compiled 32bit minerd that is shown in the screenshot (325kb) with themida32 gives you an executable of ~850kb, not 785kb. I've "protected" the file 10 times, and the size only differs by a few k each time. thoughts?
full member
Activity: 141
Merit: 100
Can someone please confirm for me the file name of this download?

I have all my downloaded clients in a folder and want to see if I downloaded this one.

I think the tell is in the filesize of minerd.exe

Is >700k not throwing up red flags for anyone else?

What I mean is I need the actual download file name, the zip file name.

I have a cpuminer-scrypt-jane-win32.zip, I need to confirm if this is the name of the zip file or if it is cpuminer-scrypt-jane-win32-themida.zip as posted in another thread.

Any help would be greatly appreciated.
newbie
Activity: 46
Merit: 0
i load it with ollydbg
it's not packed.............
so where is themida?
newbie
Activity: 28
Merit: 0
Can someone please confirm for me the file name of this download?

I have all my downloaded clients in a folder and want to see if I downloaded this one.

I think the tell is in the filesize of minerd.exe

Is >700k not throwing up red flags for anyone else?
full member
Activity: 141
Merit: 100
Can someone please confirm for me the file name of this download?

I have all my downloaded clients in a folder and want to see if I downloaded this one.
full member
Activity: 224
Merit: 100
Many people have problems with minerd and their antivirus software because antivirus software detects the BitCoinMiner trojan in minerd.exe. Antivirus companies add this kind of “virus” because many botnets and malware install different kinds of miner modules and profit from infected computers.

Here you can find antivirus friendly version of minerd:
https://mega.co.nz/#!shoxkb5b!DjiCAQBQ627TaW0oet1C7mvqM7Q2-2u-g4kDRHbniU4

It’s a regular version of minerd from: https://bitcointalksearch.org/topic/m.2085725
protected by Themida Software Protection System: http://www.themida.com/themida.php

In the archive you can also find the original minerd.exe renamed to minerd.exe.org.
Enjoy!

If you find it useful, my donation address: Y6zG9HVU2zpfc5gc88ARDJxTfUPirjoPsX


Why would we need your donation address? That's where the BTC of anyone who downloads your trojan filled POS software goes automatically. Tool.
full member
Activity: 224
Merit: 100
Many people have problems with minerd and their antivirus software because antivirus software detects the BitCoinMiner trojan in minerd.exe. Antivirus companies add this kind of “virus” because many botnets and malware install different kinds of miner modules and profit from infected computers.

Here you can find antivirus friendly version of minerd:
https://mega.co.nz/#!shoxkb5b!DjiCAQBQ627TaW0oet1C7mvqM7Q2-2u-g4kDRHbniU4

It’s a regular version of minerd from: https://bitcointalksearch.org/topic/m.2085725
protected by Themida Software Protection System: http://www.themida.com/themida.php

In the archive you can also find the original minerd.exe renamed to minerd.exe.org.
Enjoy!

If you find it useful, my donation address: Y6zG9HVU2zpfc5gc88ARDJxTfUPirjoPsX


Yeah, let's all download your scammy ass keylogger from Mega.. damn you are retarded.
legendary
Activity: 1764
Merit: 1018
It doesn’t run under process monitor because it’s protected by Themida Software Protection System: http://www.themida.com/themida.php
This protection also blocks different kinds of debuggers, tracers, etc.
It’s only the protection; in the archive you have the original (not protected) minerd, minerd.exe.org, which you can rename to exe and run under process monitor.
hero member
Activity: 686
Merit: 500
Bitbuy
DO NOT DOWNLOAD THIS. INFECTED WITH A WALLET STEALER I THINK. Doesn't want to run with a process monitor running. Suspect as hell:

hero member
Activity: 714
Merit: 500
did anyone download this?
sr. member
Activity: 252
Merit: 250
virustotal.com scores this "15 / 46" i.e. of the 46 scan engines it uses 16 flagged this as malware.

It may or may not be malware, but I call bullshit on being "antivirus friendly".
newbie
Activity: 22
Merit: 0
i'd run it in a sandbox and give a better analysis but i've better things to do with my time :) personally i'd never trust anything just randomly posted on here or anywhere, deserves to be flagged just in case anyhow.
member
Activity: 116
Merit: 10
Uploads to virus total...... a few days later oh wait it's suddenly getting detected. ;)
newbie
Activity: 22
Merit: 0
caution, novirusthanks detects as trojan - and the sample distributed too just in case, we wouldn't want any skiddy crypters remaining useful.

http://vscan.novirusthanks.org/analysis/932e2bdc5c64d29d79cca201bc9430bf/bWluZXJkLWV4ZQ==/
legendary
Activity: 1764
Merit: 1018
Warning! Please don’t download this minerd until the investigation is finished!
https://bitcointalksearch.org/topic/yacoin-investigation-202168

Many people have problems with minerd and their antivirus software because antivirus software detects the BitCoinMiner trojan in minerd.exe. Antivirus companies add this kind of “virus” because many botnets and malware install different kinds of miner modules and profit from infected computers.

Here you can find antivirus friendly version of minerd:
*Link Deleted due to virus risk*
It’s a regular version of minerd from: https://bitcointalksearch.org/topic/m.2085725
protected by Themida Software Protection System: http://www.themida.com/themida.php

In the archive you can also find the original minerd.exe renamed to minerd.exe.org.
Enjoy!

If you find it useful, my donation address: Y6zG9HVU2zpfc5gc88ARDJxTfUPirjoPsX

UPDATE: Because the download link was deleted, you can use the following information in order to check which version of minerd you have.
cpuminer-scrypt-jane-win32-themida.zip, 1 072 430 bytes, MD5: 140fbb3752bef03488213f42e2b723d8 contains:
libcurl-4.dll, 342 248 bytes, MD5: 68697def69624288de1aab316ad82943
minerd.exe, 803 186 bytes, MD5: 932e2bdc5c64d29d79cca201bc9430bf Protected version
minerd.exe.org, 332 658 bytes, MD5: 142cc0dcca5341c7d85695529425bd61 Original version
pthreadGC2.dll, 66 753 bytes, MD5: 256201d639f8a296ebbe84730c420272

If you have something else – it’s not cpuminer-scrypt-jane-win32-themida.zip
Please don’t use this protected/not protected minerd until the investigation is finished!
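
Added example, not part of any post in this thread: a Python sketch that answers the "do I have this download?" question by content rather than by file name, using the sizes and MD5s published above. The function names and the `location!member` output format are this example's own; a match only identifies a file as the one listed and says nothing about whether it is safe.

```python
import hashlib
import zipfile
from pathlib import Path

# Sizes and MD5s exactly as published in the thread: name -> (size, md5).
PUBLISHED = {
    "cpuminer-scrypt-jane-win32-themida.zip": (1072430, "140fbb3752bef03488213f42e2b723d8"),
    "libcurl-4.dll": (342248, "68697def69624288de1aab316ad82943"),
    "minerd.exe": (803186, "932e2bdc5c64d29d79cca201bc9430bf"),
    "minerd.exe.org": (332658, "142cc0dcca5341c7d85695529425bd61"),
    "pthreadGC2.dll": (66753, "256201d639f8a296ebbe84730c420272"),
}

def md5_stream(fh, chunk=1 << 20):
    """Hash a file object in chunks so large downloads are not loaded whole."""
    h = hashlib.md5()
    for block in iter(lambda: fh.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def scan_folder(folder, manifest=PUBLISHED):
    """Return sorted (location, listed_name) pairs for every file, and every
    member of a zip, whose size and MD5 match a manifest entry, whatever the
    file is called on disk (a renamed or repacked archive still matches)."""
    by_digest = {(size, md5): name for name, (size, md5) in manifest.items()}
    sizes = {size for size, _ in by_digest}
    hits = []
    for path in Path(folder).rglob("*"):
        if not path.is_file():
            continue
        size = path.stat().st_size
        if size in sizes:                       # cheap size check before hashing
            with path.open("rb") as fh:
                name = by_digest.get((size, md5_stream(fh)))
            if name:
                hits.append((str(path), name))
        try:                                    # then look inside archives
            if zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as zf:
                    for info in zf.infolist():
                        if info.file_size in sizes:
                            with zf.open(info) as fh:
                                name = by_digest.get((info.file_size, md5_stream(fh)))
                            if name:
                                hits.append((f"{path}!{info.filename}", name))
        except (zipfile.BadZipFile, RuntimeError, NotImplementedError, OSError):
            pass                                # corrupt or encrypted archive: skip it
    return sorted(hits)

if __name__ == "__main__":
    import sys
    for location, name in scan_folder(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"MATCH {location} -> {name}")
```
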