| 在线病毒检测器 | v.1.0.158.174 |
| 数据库版本: | 2024-02-10 21:00:32 |
CoinMiner是一种利用受害者的计算机资源(主要是CPU和RAM)进行加密货币挖掘(例如Monero或Zcash)的恶意软件。此恶意软件通过将开源挖掘工具集成到系统的启动例程中来建立持久性,而不需要用户的同意。高级的加密货币挖掘程序通常采用定时器配置或CPU使用限制等技术,以悄悄运行并避免检测。
| File | updater.exe |
| 已检查 | 2024-02-10 19:57:04 |
| MD5 | 5f09926fd269ec484401e9efb86c3e26 |
| SHA1 | a13058eaecb1be56fac34e11a4d1ca346380699c |
| SHA256 | e39e9317a4945f93217e92e47c3dc17a2424d0dd22c18cb2fe577ae3dd7fa252 |
| SHA512 | 99a7e6ccb315e579b98bbad24f8630d475fee2c0b9c7612f7e94c4ab10688f3cf3bf6cc1aebc85b7f8ce0c14d4dc72108d2d7331b18d5b679e8daf15631f4aca |
| Imphash | 203d63d5d9a088e2d84cef737227986b |
| File Size | 5326104 bytes |
Gridinsoft能够识别并消除Trojan.Win64.CoinMiner.sa,无需进一步的用户干预。
 |
ec33e9c521cbb640147e6041cf453e4e 8ae8e94646f2667c2b94734243825fef 898d3212564ccd4d |
| Image Base: | 0x140000000 |
| Entry Point: | 0x140001140 |
| Compilation: | 2024-01-23 11:47:13 |
| Checksum: | 0x00000000 (Actual: 0x00520632) |
| OS Version: | 6.0 |
| PEiD: | PE32+ executable (GUI) x86-64, for MS Windows |
| Sign: | The expected hash does not match the digest in SpcInfo |
| Sections: | 8 |
| Imports: | msvcrt, KERNEL32, |
| Exports: | 0 |
| Resources: | 2 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | MD5 | 熵 |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x000089a6 | 0x00008a00 | 61e45bdab4f7ad993b609eb3449e987d | 6.18 |
| .rdata | 0x0000a000 | 0x00002ed8 | 0x00003000 | f1b2aa8a2801efe5b55dbad859982dc9 | 4.70 |
| .data | 0x0000d000 | 0x004fb3e8 | 0x004f9400 | 623b98b71060e40b217cf39c65c296cb | 6.49 |
| .pdata | 0x00509000 | 0x00000180 | 0x00000200 | 56947665cc3df105c866dca15b3f6b7f | 3.13 |
| .00cfg | 0x0050a000 | 0x00000010 | 0x00000200 | b18c7380298e104adf73576fa46bccc1 | 0.15 |
| .tls | 0x0050b000 | 0x00000010 | 0x00000200 | bf619eac0cdf3f68d496ea9344137e8b | 0.00 |
| .rsrc | 0x0050c000 | 0x0000c090 | 0x0000c200 | bb58bf55629f6c75a590f42729046b22 | 7.96 |
| .reloc | 0x00519000 | 0x00000078 | 0x00000200 | 8d35dc6b73a8835f45783bf89be743be | 1.42 |
