Post
Topic
Board Mining (Altcoins)
Re: Hsrminer Neoscrypt FORK by Justaminer - 0% devfee and more!
by Just_a_miner on 16/01/2018, 13:55:38 UTC

Check the VirusTotal report for the original hsrminer_neoscrypt.exe:

https://www.virustotal.com/#/file/8947d773886cce727a8e7be8d69e5e372163116cac4bd87568cb996f757d420a/detection

AegisLab             - Troj.Gen!c
CAT-QuickHeal        - Trojan.IGENERIC
K7GW                 - Unwanted-Program ( 004bf0771 )
McAfee-GW-Edition    - BehavesLike.Win64.Downloader.vc
TrendMicro-HouseCall - Suspicious_GEN.F47V0103
McAfee               - Artemis!B5DF5A71499C
K7AntiVirus          - Unwanted-Program ( 004bf0771 )
Symantec             - Trojan.Gen.9

Scary, isn't it?

Makes it awfully suspicious how this program goes masked and unflagged as mining software, despite the original being flagged red all over.

The first warning: BehavesLike.Win64.RansomWannaCry is particularly worrisome since the original didn't have this one and it shouldn't be related to mining software.

As you can see, I've shown only those AV reports of the original file that aren't related to mining software :) But you know it's a miner. It was packed by some generic packer that was easy to unpack for AVs, so they see it's a miner, but many of the AVs didn't like the behavior of the packer, so you get 7 warnings that aren't related to mining software.

My file is packed with the same packer that is used by Claymore to pack his "Claymore's Dual Ethereum + Decred/Siacoin/Lbry/Pascal AMD+NVIDIA GPU Miner", and you can see that he gets some AV reports too due to that packer; you can read his readme!!!.txt inside the archive.