| 在线病毒检测器 | v.1.0.194.174 |
| 数据库版本: | 2024-10-24 11:00:27 |
CoinMiner是一种利用受害者的计算机资源(主要是CPU和RAM)进行加密货币挖掘(例如Monero或Zcash)的恶意软件。此恶意软件通过将开源挖掘工具集成到系统的启动例程中来建立持久性,而不需要用户的同意。高级的加密货币挖掘程序通常采用定时器配置或CPU使用限制等技术,以悄悄运行并避免检测。
| File | FinalShell_license.exe |
| 已检查 | 2024-10-24 08:28:38 |
| MD5 | d6d29befb8ab66846a8c83e1849daaeb |
| SHA1 | ebb5d31a0391eb8f782df9d61af27a2baffebc70 |
| SHA256 | af36bb1797146886b03ff5c1baaa112e5a096fe44fdaeb8c3697c69312cd5611 |
| SHA512 | 29a4e3177a49b3268672208842be6d6e42f149dce3869ce616a2558bb6f300b29f9c65aa30327cd26ec26de4558043b3796ada0985ac75417505bca763b63760 |
| Imphash | a0a4be492eab39394d440335c7029fc5 |
| File Size | 7711744 bytes |
Gridinsoft能够识别并消除Trojan.Win64.CoinMiner.oa!s1,无需进一步的用户干预。
| CompanyName | Microsoft HQ Pty Ltd |
| FileDescription | System |
| FileVersion | 4169 |
| InternalName | win32 |
| LegalCopyright | Copyright (C) 2006 - 2023 Microsoft HQ Pty Ltd |
| ProductName | win32 |
| ProductVersion | 4169 |
| Translation | 0x0000 0x04b0 |
 |
ebd69b914a01d95fcf35342e11695d92 935b2e40aa64c32620497ac78d394f7b ccd0f0e8b29eaa93 |
| Image Base: | 0x00400000 |
| Entry Point: | 0x004014f0 |
| Compilation: | 2021-08-14 17:54:47 |
| Checksum: | 0x0075eea5 (Actual: 0x0075eea5) |
| OS Version: | 4.0 |
| PEiD: | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows |
| Sign: | No valid SignedData structure was found. |
| Sections: | 10 |
| Imports: | ADVAPI32, CRYPT32, IPHLPAPI, KERNEL32, msvcrt, SHELL32, USER32, USERENV, WS2_32, |
| Exports: | 0 |
| Resources: | 10 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | MD5 | 熵 |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00564508 | 0x00565000 | ec7adc228dadc2517978db2c5288ac65 | 6.46 |
| .data | 0x00566000 | 0x000102e0 | 0x00010400 | 4a5a88bc0d33ddfdd8a0c4fe86f9c47d | 3.12 |
| .rdata | 0x00577000 | 0x00121ed0 | 0x00122000 | f2b462bf3827d705c0ca92897c677d34 | 6.02 |
| .pdata | 0x00699000 | 0x0002d684 | 0x0002d800 | d940a77b092d11e3d85f83967258c625 | 6.37 |
| .xdata | 0x006c7000 | 0x00038944 | 0x00038a00 | c848e2e89052d393f750dfb2608e15c7 | 5.02 |
| .bss | 0x00700000 | 0x003206a0 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .idata | 0x00a21000 | 0x000045a0 | 0x00004600 | 30b3d40bb2e914f7459910d4aedebbe6 | 4.72 |
| .CRT | 0x00a26000 | 0x00000070 | 0x00000200 | 41a00dc7fc48dfd59b1775efb7ceb02e | 0.32 |
| .tls | 0x00a27000 | 0x00000010 | 0x00000200 | bf619eac0cdf3f68d496ea9344137e8b | 0.00 |
| .rsrc | 0x00a28000 | 0x00057af7 | 0x00057c00 | 075115c8a2053462f0749c6d679b2fa8 | 6.01 |
