NEW MINER Fast miner!
miner:
Hi. I have just finished fast miner. I'm not 100% done with it, but you can test it here:
* Link Removed by Mod: Virus/Trojan *
Happy mining ;)
TwistedSister:
I don't mean any disrespect... but, 512kb for a miner?
Someone smells fish?
God help us!
We need a volunteer...
Who's willing to download it and try it?
V2-V3:
Screen shots and metrics please?
nstertz:
Here is the res hacker.... it's trying to be something it's not.... VIRUS. You're welcome people :)
--- Code: ---
1 VERSIONINFO
FILEVERSION 14,2,5,4
PRODUCTVERSION 14,2,5,4
FILEOS 0x4
FILETYPE 0x1
{
  BLOCK "StringFileInfo"
  {
    BLOCK "000004b0"
    {
      VALUE "Comments", "Kaspersky"
      VALUE "CompanyName", "Kaspersky"
      VALUE "FileDescription", "Kaspersky"
      VALUE "FileVersion", "14.2.5.4"
      VALUE "InternalName", "resetfud.exe"
      VALUE "LegalCopyright", "2010"
      VALUE "LegalTrademarks", "Kaspersky"
      VALUE "OriginalFilename", "resetfud.exe"
      VALUE "ProductName", "Kaspersky"
      VALUE "ProductVersion", "14.2.5.4"
      VALUE "Assembly Version", "14.2.5.4"
    }
  }
  BLOCK "VarFileInfo"
  {
    VALUE "Translation", 0x0000 0x04B0
  }
}
--- End code ---
Jester:
initial analysis:
douchy VB trojan, connects to aviny.no-ip.info. Someone might wanna report that....
--- Code: ---
Processes:
PID ParentPID User Path
--------------------------------------------------
2520 1796 JESTER-XUIZDCZ4:Jester
Ports:
Port PID Type Path
--------------------------------------------------
1056 3464 TCP C:\WINDOWS\System32\msiexec.exe
Explorer Dlls:
DLL Path Company Name File Description
--------------------------------------------------
No changes Found
IE Dlls:
DLL Path Company Name File Description
--------------------------------------------------
No changes Found
Loaded Drivers:
Driver File Company Name Description
--------------------------------------------------
Monitored RegKeys
Registry Key Value
--------------------------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run WinUpdtr=C:\Documents and Settings\Jester\Application Data\WinUpdtr\fastminer.exe
DirwatchData
Action Size File
--------------------------------------------------
WatchDir Initilized OK
Watching C \
Modifed 7C2828 C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework 2.0-KB2686828_20120717_093853403-Msi0.txt
Modifed 38478C0 C:\Config.Msi\53dee.rbs
Modifed 5000 C:\WINDOWS\system32\config\SECURITY.LOG
Created 0 C:\Documents and Settings\Jester\Local Settings\Temp\vbc.exe
Modifed 0 C:\Documents and Settings\Jester\Local Settings\Temp
Modifed 11E3F8 C:\Documents and Settings\Jester\Local Settings\Temp\vbc.exe
Modifed 0 C:\WINDOWS\Prefetch
Created 0 C:\Documents and Settings\Jester\Application Data\WinUpdtr
Modifed 0 C:\Documents and Settings\Jester\Application Data
Created 0 C:\Documents and Settings\Jester\Application Data\WinUpdtr\fastminer.exe
Modifed 0 C:\Documents and Settings\Jester\Application Data\WinUpdtr
Modifed 94400 C:\Documents and Settings\Jester\Application Data\WinUpdtr\fastminer.exe
Modifed 7000 C:\Documents and Settings\Jester\ntuser.dat.LOG
Modifed 56E88 C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework 2.0-KB2686828_20120717_093853403.html
Modifed BEE7C C:\System Volume Information\_restore{8EDEFE23-3D74-49ED-A73F-FDC810B7F1B7}\RP16\change.log
Created 0 C:\DOCUME~1\Jester\LOCALS~1\Temp\~DF4490.tmp
Modifed 0 C:\DOCUME~1\Jester\LOCALS~1\Temp
Modifed 200 C:\DOCUME~1\Jester\LOCALS~1\Temp\~DF4490.tmp
cmd /k ""C:\iDEFENSE\SysAnalyzer\windump.exe" -w "C:\Documents and Settings\Jester\Desktop\analysis\capture_7.pcap" -q -U -l -s 0 -i 2 ip src 192.168.1.14 or ip dst 192.168.1.14"
--- End code ---
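Added example, not part of Jester's post or of SysAnalyzer itself: a small Python triage pass over lines copied from the report above. It flags Run-key values that point into user-writable directories, lists executables created there, and correlates the two. The directory markers, the extension list and the function names are assumptions made for this example.

```python
import re
# Lines copied from the SysAnalyzer report quoted above ("Modifed" is the tool's spelling).
REPORT = r"""
HKCU\Software\Microsoft\Windows\CurrentVersion\Run WinUpdtr=C:\Documents and Settings\Jester\Application Data\WinUpdtr\fastminer.exe
Created 0 C:\Documents and Settings\Jester\Local Settings\Temp\vbc.exe
Modifed 11E3F8 C:\Documents and Settings\Jester\Local Settings\Temp\vbc.exe
Created 0 C:\Documents and Settings\Jester\Application Data\WinUpdtr\fastminer.exe
Modifed 94400 C:\Documents and Settings\Jester\Application Data\WinUpdtr\fastminer.exe
Modifed 5000 C:\WINDOWS\system32\config\SECURITY.LOG
Created 0 C:\DOCUME~1\Jester\LOCALS~1\Temp\~DF4490.tmp
"""

# Assumption: substrings that mark user-writable directories on this XP-era layout.
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\", "\\locals~1\\temp\\")
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".bat", ".vbs")

RUN_KEY = re.compile(r"^(HK\w+\\\S+\\Run(?:Once)?)\s+([^=]+)=(.+)$", re.I)
DIRWATCH = re.compile(r"^(Created|Modifed)\s+([0-9A-Fa-f]+)\s+(.+)$")

def is_user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE)

def triage(report):
    """Return (autoruns, dropped, persisted) for one report."""
    autoruns, created, sizes = [], [], {}
    for line in map(str.strip, report.splitlines()):
        m = RUN_KEY.match(line)
        if m:
            # Autorun value whose target lives where any user process can write.
            if is_user_writable(m.group(3)):
                autoruns.append(m.groups())
            continue
        m = DIRWATCH.match(line)
        if m:
            action, size_hex, path = m.groups()
            if action == "Created" and path.lower().endswith(EXECUTABLE_EXT) and is_user_writable(path):
                created.append(path)
            # The size column contains hex digits, so parse base 16; keep the largest per file.
            sizes[path] = max(sizes.get(path, 0), int(size_hex, 16))
    dropped = [(p, sizes[p]) for p in created]
    targets = {t.lower() for _, _, t in autoruns}
    persisted = [p for p, _ in dropped if p.lower() in targets]
    return autoruns, dropped, persisted

if __name__ == "__main__":
    for section in triage(REPORT):
        print(section)
```

A file that appears in both the dropped list and an autorun target is the one to pull for further analysis; here that is the copy under `WinUpdtr`.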