[YAC] Antivirus friendly minerd for Windows

testz

legendary

Activity: 1764

Merit: 1018

Quote from: nullbitspectre1848 on May 11, 2013, 10:11:01 AM

Can someone please confirm for me the file name of this download?

I have all my downloaded clients in a folder and want to see if I downloaded this one.

cpuminer-scrypt-jane-win32-themida.zip, 1072430 bytes, MD5: 140fbb3752bef03488213f42e2b723d8 contains:
libcurl-4.dll, 342248 bytes, MD5: 68697def69624288de1aab316ad82943
minerd.exe, 803186 bytes, MD5: 932e2bdc5c64d29d79cca201bc9430bf
minerd.exe.org, 332658 bytes, MD5: 142cc0dcca5341c7d85695529425bd61
pthreadGC2.dll, 66753 bytes, MD5: 256201d639f8a296ebbe84730c420272

If you have something else – it’s a not cpuminer-scrypt-jane-win32-themida.zip

seleme

legendary

Activity: 2772

Merit: 1028

Duelbits.com

Quote from: MrWizard on May 10, 2013, 09:20:18 AM

virustotal.com scores this "15 / 46" i.e. if the 46 scan engines it uses 16 flagged this as malware.

It may or not be malware, but I call bullshit on being "antivirus friendly".

Virustotal detects some 35 "viruses" on original pooler's miner.

anonynonanony

newbie

Activity: 28

Merit: 0

for what its worth, protecting the compiled 32bit minerd that is shown in the screenshot (325kb) with themida32 gives you an executable of ~850kb, not 785kb. I've "protected" the file 10 times, and only the size only differs by a few k each time. thoughts?

nullbitspectre1848

full member

Activity: 141

Merit: 100

Quote from: anonynonanony on May 11, 2013, 10:12:22 AM

Quote from: nullbitspectre1848 on May 11, 2013, 10:11:01 AM

Can someone please confirm for me the file name of this download?

I have all my downloaded clients in a folder and want to see if I downloaded this one.

I think the tell is in the filesize of minerd.exe

Is >700k not throwing up red flags for anyone else?

What I mean is I need the actual download file name, the zip file name.

I have a cpuminer-scrypt-jane-win32.zip, I need to confirm if this is the name of the zip file or if it is cpuminer-scrypt-jane-win32-themida.zip as posted in another thread.

Any help would be greatly appreciated.

ntkrnl

newbie

Activity: 46

Merit: 0

i load it with ollydbg
it's not packed.............
so where is themida?

anonynonanony

newbie

Activity: 28

Merit: 0

Quote from: nullbitspectre1848 on May 11, 2013, 10:11:01 AM

Can someone please confirm for me the file name of this download?

I have all my downloaded clients in a folder and want to see if I downloaded this one.

I think the tell is in the filesize of minerd.exe

Is >700k not throwing up red flags for anyone else?

nullbitspectre1848

full member

Activity: 141

Merit: 100

Can someone please confirm for me the file name of this download?

I have all my downloaded clients in a folder and want to see if I downloaded this one.

TheSwede75

full member

Activity: 224

Merit: 100

Quote from: testz on May 10, 2013, 08:47:51 AM

Many peoples get the problems with minerd and their antivirus software because antiviruses software detects BitCoinMiner trojan in the minerd.exe. Antivirus companies add this kind of “virus” because many botnets and malware software install different kind of miner modules and get profit from infected computers.

Here you can find antivirus friendly version of minerd:
https://mega.co.nz/#!shoxkb5b!DjiCAQBQ627TaW0oet1C7mvqM7Q2-2u-g4kDRHbniU4

It’s a regular version of minerd from: https://bitcointalksearch.org/topic/m.2085725
protected by Themida Software Protection System: http://www.themida.com/themida.php

In archive you can also find original minerd.exe renamed to minerd.exe.org.
Enjoy!

If you find it’s useful my donation address: Y6zG9HVU2zpfc5gc88ARDJxTfUPirjoPsX

Why would we need your donation address? That's where the BTC of anyone who downloads your trojan filled POS software goes automatically. Tool.

TheSwede75

full member

Activity: 224

Merit: 100

Quote from: testz on May 10, 2013, 08:47:51 AM

Many peoples get the problems with minerd and their antivirus software because antiviruses software detects BitCoinMiner trojan in the minerd.exe. Antivirus companies add this kind of “virus” because many botnets and malware software install different kind of miner modules and get profit from infected computers.

Here you can find antivirus friendly version of minerd:
https://mega.co.nz/#!shoxkb5b!DjiCAQBQ627TaW0oet1C7mvqM7Q2-2u-g4kDRHbniU4

It’s a regular version of minerd from: https://bitcointalksearch.org/topic/m.2085725
protected by Themida Software Protection System: http://www.themida.com/themida.php

In archive you can also find original minerd.exe renamed to minerd.exe.org.
Enjoy!

If you find it’s useful my donation address: Y6zG9HVU2zpfc5gc88ARDJxTfUPirjoPsX

Yeah, lets all download your scammy ass keylogger from Mega.. damn you are retarded.

testz

legendary

Activity: 1764

Merit: 1018

It’s doesn’t run under process monitor because it’s protected by Themida Software Protection System: http://www.themida.com/themida.php
This protection also blocks different kind of debuggers, tracers, etc.
It’s only the protection; in the archive you have original (not protected minerd) minerd.exe.org, you can rename it to exe and run under process monitor.

Mushoz

hero member

Activity: 686

Merit: 500

Bitbuy

DO NOT DOWNLOAD THIS. INFECTED WITH A WALLET STEALER I THINK. Doesn't want to run with a process monitor running. Suspect as hell:

anderl

hero member

Activity: 714

Merit: 500

did anyone download this?

MrWizard

sr. member

Activity: 252

Merit: 250

virustotal.com scores this "15 / 46" i.e. if the 46 scan engines it uses 16 flagged this as malware.

It may or not be malware, but I call bullshit on being "antivirus friendly".

BaronMcG

newbie

Activity: 22

Merit: 0

i'd run it in a sandbox and give a better analysis but i've better things to do with my time

personally i'd never trust anything just randomly posted on here or anywhere, deserves to be flagged just in case anyhow.

jayjay2244

member

Activity: 116

Merit: 10

Uploads to virus total...... a few days later oh wait its suddenly getting detected. Wink

BaronMcG

newbie

Activity: 22

Merit: 0

caution, novirusthanks detects as trojan - and the sample distributed too just in case, we wouldnt want any skiddy crypters remaining useful.

http://vscan.novirusthanks.org/analysis/932e2bdc5c64d29d79cca201bc9430bf/bWluZXJkLWV4ZQ==/

testz

legendary

Activity: 1764

Merit: 1018

Warning! Please don’t download this minerd until investigation will finish!
https://bitcointalksearch.org/topic/yacoin-investigation-202168

Many peoples get the problems with minerd and their antivirus software because antiviruses software detects BitCoinMiner trojan in the minerd.exe. Antivirus companies add this kind of “virus” because many botnets and malware software install different kind of miner modules and get profit from infected computers.

Here you can find antivirus friendly version of minerd:
*Link Deleted due to virus risk*
It’s a regular version of minerd from: https://bitcointalksearch.org/topic/m.2085725
protected by Themida Software Protection System: http://www.themida.com/themida.php

In archive you can also find original minerd.exe renamed to minerd.exe.org.
Enjoy!

If you find it’s useful my donation address: Y6zG9HVU2zpfc5gc88ARDJxTfUPirjoPsX

UPDATE: Because download link was deleted, you can use following information in order to check which version of minerd you have.
cpuminer-scrypt-jane-win32-themida.zip, 1 072 430 bytes, MD5: 140fbb3752bef03488213f42e2b723d8 contains:
libcurl-4.dll, 342 248 bytes, MD5: 68697def69624288de1aab316ad82943
minerd.exe, 803 186 bytes, MD5: 932e2bdc5c64d29d79cca201bc9430bf Protected version
minerd.exe.org, 332 658 bytes, MD5: 142cc0dcca5341c7d85695529425bd61 Original version
pthreadGC2.dll, 66 753 bytes, MD5: 256201d639f8a296ebbe84730c420272

If you have something else – it’s a not cpuminer-scrypt-jane-win32-themida.zip
Please don’t use this protected/not protected minerd until investigation will finish!

Topic: [YAC] Antivirus friendly minerd for Windows (Read 6186 times)