在线病毒检测器 | v.1.0.182.174 |
数据库版本: | 2024-07-18 22:00:28 |
CoinMiner是一种利用受害者的计算机资源(主要是CPU和RAM)进行加密货币挖掘(例如Monero或Zcash)的恶意软件。此恶意软件通过将开源挖掘工具集成到系统的启动例程中来建立持久性,而不需要用户的同意。高级的加密货币挖掘程序通常采用定时器配置或CPU使用限制等技术,以悄悄运行并避免检测。
File | Default.SFX |
已检查 | 2024-07-18 19:59:43 |
MD5 | 979cadae9bfebeb9ccd8a27a9932603e |
SHA1 | d6f269a423556f42eb0a783c0933525b1b85860a |
SHA256 | 2747374a962d0f297cdd831d26624c35b2191326eb370def14107b5c039bfdb8 |
SHA512 | 9b5e2f8080527d97643dfa35ca3f5f36b202f27b54b6d120615fea1a51d7487b373d749753a2c4c36a0e7cca6bc2012cfce3780d7814352ea978dcb90e1f7982 |
Imphash | b1c5b1beabd90d9fdabd1df0779ea832 |
File Size | 462334 bytes |
Gridinsoft能够识别并消除Trojan.Win64.CoinMiner.cl,无需进一步的用户干预。
8d9da329386d64d6b86a12bd2f986399 9043363bfee17e0d508057b9ae7189e9 84b4b4d4c4ccccc0 |
|
Image Base: | 0x140000000 |
Entry Point: | 0x140032ee0 |
Compilation: | 2024-05-12 10:17:07 |
Checksum: | 0x00000000 (Actual: 0x0007906a) |
OS Version: | 5.2 |
PDB Path: | D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb |
PEiD: | PE32+ executable (GUI) x86-64, for MS Windows |
Sign: | The PE file does not contain a certificate table. |
Sections: | 8 |
Imports: | KERNEL32, OLEAUT32, gdiplus, |
Exports: | 0 |
Resources: | 28 |
名称 | 虚拟地址 | 虚拟大小 | 原始大小 | MD5 | 熵 |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0004676e | 0x00046800 | f06bb06e02377ae8b223122e53be35c2 | 6.47 |
.rdata | 0x00048000 | 0x000128c4 | 0x00012a00 | 2de06d4a6920a6911e64ff20000ea72f | 5.27 |
.data | 0x0005b000 | 0x0000e75c | 0x00001a00 | 0dbdb901a7d477980097e42e511a94fb | 3.26 |
.pdata | 0x0006a000 | 0x0000306c | 0x00003200 | b0ce0f057741ad2a4ef4717079fa34e9 | 5.50 |
.didat | 0x0006e000 | 0x00000360 | 0x00000400 | 1fcc7b1d7a02443319f8fcc2be4ca936 | 3.05 |
_RDATA | 0x0006f000 | 0x0000015c | 0x00000200 | 3f331ec50f09ba861beaf955b33712d5 | 3.34 |
.rsrc | 0x00070000 | 0x0000e360 | 0x0000e400 | ada5628b9441c3d4f775b5c1be0267ef | 6.60 |
.reloc | 0x0007f000 | 0x00000970 | 0x00000a00 | 77a9ddfc47a5650d6eebbcc823e39532 | 5.34 |