| 在线病毒检测器 | v.1.0.192.174 |
| 数据库版本: | 2024-10-15 08:00:31 |
CoinMiner是一种利用受害者的计算机资源(主要是CPU和RAM)进行加密货币挖掘(例如Monero或Zcash)的恶意软件。此恶意软件通过将开源挖掘工具集成到系统的启动例程中来建立持久性,而不需要用户的同意。高级的加密货币挖掘程序通常采用定时器配置或CPU使用限制等技术,以悄悄运行并避免检测。
| File | Helper.exe |
| 已检查 | 2024-10-15 05:36:31 |
| MD5 | f776d24926daaadcae5f9caefc882afa |
| SHA1 | 4f1c535b6d371249c68843196bebc93e5e7e64a6 |
| SHA256 | dfc306f2b44e1bc8a7e7a8a69ae2e8d369b20d80bd69b8193c204d1ef5b622e8 |
| SHA512 | 153aa345801c44d5d77a5238c74fac7c002342e6c70bf2ef53b5f5b4dd2004d034997dd3fb43074f23e9223c21973cc4691b2d6f256312ed4e4242d0346aa2cb |
| Imphash | afcdf79be1557326c854b6e20cb900a7 |
| File Size | 7747072 bytes |
Gridinsoft能够识别并消除Trojan.Win32.CoinMiner.cld,无需进一步的用户干预。
| Translation | 0x0809 0x04b0 |
 |
3d5dc4e5a911bee7292a914140092c8c a788a1c8239f81d6e401dd187d68f45e b2b2e3e3e3a3a200 |
| Image Base: | 0x00400000 |
| Entry Point: | 0x0042800a |
| Compilation: | 2022-09-02 09:11:11 |
| Checksum: | 0x00771cd5 (Actual: 0x00771cd5) |
| OS Version: | 5.1 |
| PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 5 |
| Imports: | WSOCK32, VERSION, WINMM, COMCTL32, MPR, WININET, PSAPI, IPHLPAPI, USERENV, UxTheme, KERNEL32, USER32, GDI32, COMDLG32, ADVAPI32, SHELL32, ole32, OLEAUT32, |
| Exports: | 0 |
| Resources: | 26 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | MD5 | 熵 |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0008dfdd | 0x0008e000 | 310e36668512d53489c005622bb1b4a9 | 6.68 |
| .rdata | 0x0008f000 | 0x0002fd8e | 0x0002fe00 | 748cf1ab2605ce1fd72d53d912abb68f | 5.76 |
| .data | 0x000bf000 | 0x00008f74 | 0x00005200 | aae9601d920f07080bdfadf43dfeff12 | 1.20 |
| .rsrc | 0x000c8000 | 0x00698f8c | 0x00699000 | 51bff4cc25051cf7e6d093eda8531d25 | 8.00 |
| .reloc | 0x00761000 | 0x00007134 | 0x00007200 | f04128ad0f87f42830e4a6cdbc38c719 | 6.78 |
