Board: Scam Accusations
Topic: Re: http://www.asic-technologies.com/ http://asic-tech.com
Post by Luror on 16/12/2013, 11:02:16 UTC
What about that 7-day trial? https://asicminersoft.com/free-7-days-trial/
Someone brave enough to try it out?
Ha, I didn't see it. Ok, I downloaded it, unpacked and checked with virustotal.com:

https://www.virustotal.com/en/file/c3719223dd1bb7828d8fed53eae4c52966ca24b5e2e92a0be9105347529eb34a/analysis/1387190265/
(not detected by major antiviruses)

Checked with Anubis (service for analyzing malware):

http://anubis.iseclab.org/?action=result&task_id=1ebfff9f2128627b48946fa20572b58f5&format=html

So according to Anubis, ASICMinerSoftSetup.exe is a self-extracting archive; I unpacked it with WinRAR:

5 files inside (with hidden and system attributes): ygF.BQI, Jd.fga, yc.ocf, rm.QCO, jIlL.vbs

jIlL.vbs contents:

Code:
CreateObject("WScript.Shell").Exec "JD.FGA yC.OCF"

Jd.fga VirusTotal results:

https://www.virustotal.com/en/file/fb73a819b37523126c7708a1d06f3b8825fa60c926154ab2d511ba668f49dc4b/analysis/1387190674/

Code:
Product AutoIt v3 Script
Original name AutoIt3.exe
File version 3, 3, 8, 1
Comments http://www.autoitscript.com/autoit3/

From comments: "AutoIt macro engine. Clean file by itself, but usually bundled along with malicious macro files when arrives by mail, claiming "shipment information", "invoice", "order" or alike..."

yc.ocf contents (an extract, it's an 800kb file):

Code:
;QA
;jqix
;Ip
;RBm
;eKmPZ
;g
;fP
;uvp
;Fml
;gR
;Id
;JN
;VC
;yjj
;OkZN
;T
;iBCdV
;czNK
;QGJCR
;KkmYOC
;MqMIKFeNl

Seems like an encrypted AutoIt script or something. If somebody knows how to decrypt/decompile it, pls help.

But I think it's clear that this is some kind of lame password stealer; I doubt somebody will write "some special CPU and GPU algorithm" in AutoIt script language (lol)!
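
Added example, not part of the original post: a static Python triage of an already unpacked archive with the layout described above (a script launcher, an executable behind an unrelated extension, and a script made mostly of `;` comment lines). The sample bytes, the extension lists and the 0.5 threshold are constructed assumptions; the code only reads bytes and executes nothing.

```python
import re

EXEC_EXT = (".exe", ".dll", ".scr", ".com")
LAUNCHER_EXT = (".vbs", ".js", ".bat", ".cmd")

def is_pe(data: bytes) -> bool:
    """True when the content starts with the DOS 'MZ' magic of a Windows executable."""
    return data[:2] == b"MZ"

def comment_ratio(data: bytes) -> float:
    """Share of non-empty lines that start with ';' (the AutoIt comment marker)."""
    lines = [l.strip() for l in data.decode("latin-1").splitlines() if l.strip()]
    return sum(l.startswith(";") for l in lines) / len(lines) if lines else 0.0

def triage(files: dict) -> list:
    """files maps file name -> bytes of an already unpacked archive. Nothing is executed."""
    findings = []
    by_lower = {name.lower(): name for name in files}
    for name, data in files.items():
        lower = name.lower()
        if is_pe(data):
            if not lower.endswith(EXEC_EXT):
                findings.append((name, "PE executable behind a non-executable extension"))
        elif lower.endswith(LAUNCHER_EXT):
            # Resolve file-like tokens in the launcher against the archive, case-insensitively.
            for token in re.findall(r"[\w.\-]+\.\w+", data.decode("latin-1")):
                target = by_lower.get(token.lower())
                if target and target != name:
                    kind = "executable" if is_pe(files[target]) else "non-executable data"
                    findings.append((name, f"references {target} ({kind})"))
        elif comment_ratio(data) > 0.5:  # assumed threshold for this heuristic
            findings.append((name, "mostly ';' comment lines, consistent with junk padding"))
    return findings

# Constructed stand-ins for three of the five files named in the post.
SAMPLE = {
    "jIlL.vbs": b'CreateObject("WScript.Shell").Exec "JD.FGA yC.OCF"',
    "Jd.fga": b"MZ" + b"\x00" * 62,                          # only the magic bytes matter here
    "yc.ocf": b";QA\n;jqix\n;Ip\n;RBm\n$placeholder = 1\n",  # last line is made up
}

if __name__ == "__main__":
    for name, finding in triage(SAMPLE):
        print(f"{name}: {finding}")
```
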