| 在线病毒检测器 | v.1.0.169.174 |
| 数据库版本: | 2024-03-20 11:00:30 |
CoinMiner是一种利用受害者的计算机资源(主要是CPU和RAM)进行加密货币挖掘(例如Monero或Zcash)的恶意软件。此恶意软件通过将开源挖掘工具集成到系统的启动例程中来建立持久性,而不需要用户的同意。高级的加密货币挖掘程序通常采用定时器配置或CPU使用限制等技术,以悄悄运行并避免检测。
| File | hellminer.exe |
| 已检查 | 2024-03-20 09:51:00 |
| MD5 | b7918613de76fc795f1410f2e1073f6e |
| SHA1 | cb4357229f6506557db0a10a15cc7b3bfda9987e |
| SHA256 | de1e4b30fc56292af56c3efb280e3789545fde702f0d2d51501d96f855ab90e4 |
| SHA512 | 37f41196e57624b3e3745349b6ba381f6ef876946cb8b58d0c287244a88d97b73b5ae417bedfde2eb9d42fd9209aa40182acbd4b082d3ea9b70fd8b24135a702 |
| Imphash | ba5546933531fafa869b1f86a4e2a959 |
| File Size | 19851145 bytes |
Gridinsoft能够识别并消除Trojan.Win64.CoinMiner.cl,无需进一步的用户干预。
 |
85815c7da6a8edd32b2dbf4fe80e526f 90e4bf66f58a22b4ccbd13f156155262 3e39893332460707 |
| Image Base: | 0x140000000 |
| Entry Point: | 0x14000a6a0 |
| Compilation: | 2023-05-29 17:56:03 |
| Checksum: | 0x012fa450 (Actual: 0x012fa450) |
| OS Version: | 5.2 |
| PEiD: | PE32+ executable (console) x86-64, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 7 |
| Imports: | KERNEL32, ADVAPI32, |
| Exports: | 0 |
| Resources: | 3 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | MD5 | 熵 |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00028890 | 0x00028a00 | 7c71956ea75242f33df45f4d2c19a4d8 | 6.49 |
| .rdata | 0x0002a000 | 0x0001271a | 0x00012800 | 3fe514686d6fb88f2b115fc35076bdd2 | 5.85 |
| .data | 0x0003d000 | 0x000103f8 | 0x00000e00 | 9bd2cebaa3285e8e266c4c373a15119d | 1.81 |
| .pdata | 0x0004e000 | 0x000020e8 | 0x00002200 | f2a57235499cb8c84daf2de6f18a85eb | 5.33 |
| _RDATA | 0x00051000 | 0x0000015c | 0x00000200 | 32c20bb907888de565d4d8836d097016 | 2.80 |
| .rsrc | 0x00052000 | 0x000048b4 | 0x00004a00 | 397c8b90a1d7a175303f2ba667ae4bad | 6.46 |
| .reloc | 0x00057000 | 0x0000075c | 0x00000800 | b7279c82d58eeae8dc663879402c6f2e | 5.24 |
