Riskware/Miner

Forum for analysis and discussion about malware.
ikolor
Posts: 303
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Riskware/Miner

Post by ikolor » Mon Jul 31, 2017 3:14 pm

You do not have the required permissions to view the files attached to this post.

Antelox
Posts: 242
Joined: Sun Mar 21, 2010 10:38 pm

Re: Malware collection

Post by Antelox » Tue Aug 01, 2017 7:32 am

It's part of https://github.com/nicehash/nheqminer which looks like a bitcoin miner.

BR,

Antelox

Xylitol
Global Moderator
Posts: 1671
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Malware collection

Post by Xylitol » Sat Nov 18, 2017 1:18 pm

JS/Miner, can be unwanted, but I'm not really sure about categorizing it as malware. Just disable JavaScript in your browser; it's the only recommendation I can make.
If you can't and need plugins:
Chrome: https://chrome.google.com/webstore/deta ... hdbolnfimo
Firefox: https://addons.mozilla.org/en-US/firefo ... coinblock/

Coinhive running via Node.js shows slightly better performance than running in the browser (about +5 h/s), but overall solo mining via JavaScript is not worth it.

markusg
Posts: 732
Joined: Mon Mar 15, 2010 2:53 pm

Re: Malware collection

Post by markusg » Sun Feb 11, 2018 5:23 pm

VirusTotal
SHA256: 5c13ceefbf24c9d248a91273066247350992ff2d86dd7c1fb5375ae71c83f6ab
File name: Youtube_byclick_Setup.exe
Detection rate: 21 / 66
https://www.virustotal.com/de/file/5c13 ... /analysis/
My connection is a bit slow for the next week and the upload was canceled, but if somebody wants, he can attach the file.
A miner, I think.
https://www.dropbox.com/s/7rgorb5yxamxs ... up.7z?dl=1

Antelox
Posts: 242
Joined: Sun Mar 21, 2010 10:38 pm

Re: Malware collection

Post by Antelox » Sun Feb 11, 2018 8:00 pm

markusg wrote:
> VirusTotal
> SHA256: 5c13ceefbf24c9d248a91273066247350992ff2d86dd7c1fb5375ae71c83f6ab
> File name: Youtube_byclick_Setup.exe
> Detection rate: 21 / 66
> https://www.virustotal.com/de/file/5c13 ... /analysis/
> My connection is a bit slow for the next week and the upload was canceled, but if somebody wants, he can attach the file.
> A miner, I think.
> https://www.dropbox.com/s/7rgorb5yxamxs ... up.7z?dl=1

Yes, it drops a miner.

BR,

Antelox

markusg
Posts: 732
Joined: Mon Mar 15, 2010 2:53 pm

Re: Malware collection

Post by markusg » Fri Mar 02, 2018 11:45 pm

Download & Extract Here.exe
SHA-256: f54a78aa6d90eaa44a0cd757f90e649219207150f2c89ae0431bae150a1d6268
https://www.virustotal.com/#/file/f54a7 ... 68/details
Miner?

tomatto007
Posts: 24
Joined: Fri Mar 19, 2010 8:16 pm

Re: Malware collection

Post by tomatto007 » Sat Mar 03, 2018 10:37 am

markusg wrote:
> Download & Extract Here.exe
> SHA-256: f54a78aa6d90eaa44a0cd757f90e649219207150f2c89ae0431bae150a1d6268
> https://www.virustotal.com/#/file/f54a7 ... 68/details
> Miner?

FILES ADDED:
%COMMON APPDATA%\SRSLABS\CMD.EXE
%COMMON APPDATA%\SRSLABS\CONFIG.JSON
%COMMON APPDATA%\SRSLABS\CONHOST.EXE
%COMMON APPDATA%\SRSLABS\WSCRIPTTARGET.EXE
%STARTUP%\MICROHOSTLAB.LNK (start conhost.exe)
%STARTUP%\SOFTCONTROL.LNK (start cmd.exe)

markusg
Posts: 732
Joined: Mon Mar 15, 2010 2:53 pm

Re: Malware collection

Post by markusg » Sat Apr 07, 2018 10:20 pm

A miner.

markusg
Posts: 732
Joined: Mon Mar 15, 2010 2:53 pm

Re: Malware collection

Post by markusg » Thu Sep 06, 2018 6:33 pm

Miner
SHA-256: 8e353998862d7bdee88041c3f2c6ffbb5b405436857eeab6aba344830880445b
File name: start.exe
https://www.virustotal.com/#/file/8e353 ... /detection
