Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Discussion
Topic OP
Most likely - Possible malware in latest Bitcoin Core 64 bits bitcoin-qt.exe
by
IH-Antonio
on 27/11/2016, 07:54:41 UTC
Just downloaded the latest Bitcoin Core from bitcoin.org, scanned it at https://www.virustotal.com

And bingo  Undecided Angry

SHA256 from bitcoin-qt.exe 90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338
SHA256 from the bitcoin core zip file match the right one: 3956daf2c096c4002c2c40731c96057aecd9f77a559a4bc52b409cc13d1fd3f2  bitcoin-0.13.1-win64.zip

Edit: The SHA256 match the signatures specified in the Bitcoin.org website

Link to the scanner results:

https://www.virustotal.com/es/file/90f54d929626cbbc0fa0cdddb509feb4f11e8633b8e4d016be91673bae081338/analysis/

AegisLab   Uds.Dangerousobject.Multi!c   20161127
Kaspersky   Trojan.MSIL.CoinStealer.km   20161127
Rising   Trojan.CoinStealer!8.168F-c5irH5Q00gL (cloud)   20161127

Edit2: Seems like the Rising antivirus doesnt mark it anymore as a malware. Edit 2.1: Added again as malware

Edit3: I see that the 32 bits binary is totally clean in virustotal. This only happen with the 64 bits binary of bitcoin-qt.exe

Edit4: Confirmed. Kaspersky deletes the file on sight, and more antivirus marked the file as infected. Doesnt seems to be a false positive.