| 在线病毒检测器 | v.1.0.184.174 |
| 数据库版本: | 2024-08-12 12:00:21 |
CoinMiner是一种利用受害者的计算机资源(主要是CPU和RAM)进行加密货币挖掘(例如Monero或Zcash)的恶意软件。此恶意软件通过将开源挖掘工具集成到系统的启动例程中来建立持久性,而不需要用户的同意。高级的加密货币挖掘程序通常采用定时器配置或CPU使用限制等技术,以悄悄运行并避免检测。
| File | IMG001.exe |
| 已检查 | 2024-08-12 09:51:08 |
| MD5 | 286ffad0c8b0d1e5cc3372c9ac36db9d |
| SHA1 | d0b3da62d0aa44d7231352489b33c8b153fc1fb9 |
| SHA256 | cd6459f6d3b0c39b85fa5c8e009b19da47915f2a1f3220c1adf6eb51e270d755 |
| SHA512 | baf54f9bd99303ad35627e6d992dc83391f550ed8ddc792e9f73eb121f6ac77fd0a035ad9d1505d8af2b79ebbe0b0d0b9bafb2275a0fc04b4b78450f9d4a080c |
| Imphash | 7fa974366048f9c551ef45714595665e |
| File Size | 3366168 bytes |
Gridinsoft能够识别并消除Trojan.Win32.CoinMiner.bot!s5,无需进一步的用户干预。
 |
1f72cfbc50a07d177fb3e446a59df406 8178acc1f236273c1fd3b8ede6629310 beb4b6b6b6b6b030 |
| Image Base: | 0x00400000 |
| Entry Point: | 0x004030fa |
| Compilation: | 2009-12-05 22:52:12 |
| Checksum: | 0x00000000 (Actual: 0x00345169) |
| OS Version: | 4.0 |
| PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 5 |
| Imports: | KERNEL32, USER32, GDI32, SHELL32, ADVAPI32, COMCTL32, ole32, VERSION, |
| Exports: | 0 |
| Resources: | 15 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | MD5 | 熵 |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00005c4c | 0x00005e00 | c52a72deb0170941d392ec38c6aeafd0 | 6.44 |
| .rdata | 0x00007000 | 0x0000129c | 0x00001400 | dc77f8a1e6985a4361c55642680ddb4f | 5.05 |
| .data | 0x00009000 | 0x00048c58 | 0x00000400 | 723ad80df002dc5421798f4307abe5cf | 4.80 |
| .ndata | 0x00052000 | 0x00040000 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .rsrc | 0x00092000 | 0x0000f160 | 0x0000f200 | dfc95b04349808cf64c3afacbf2d28da | 6.88 |
