2345's rogue software alliance has no lower limit: spreading mining tools everywhere (Photos)

via: 驱动之家     time: 2017/12/2 10:08:46

Huorong Security Lab has issued a warning that a program called "Cloud Computing" is being pushed through a variety of rogue channels, but it is purely a mining tool that produces "ZCoin" and has no other features.

A computer on which the "Cloud Computing" software has been implanted will have a large share of its system resources consumed, showing stuttering, overheating and other anomalies.

It is reported that the "Cloud Computing" software is promoted by 2345's "2345 Ace Technology Alliance". Many rogue programs receive promotional tasks through the "Alliance", use various means to secretly install the software on users' computers, and are then paid according to the number of installations.

According to the monitoring, the rogue software involved in promoting the "Cloud Computing" mining tool includes: "Cloud Love PE Toolbox", "Ling Ge Jidi survival assistant V1.1.0", "Mei Jie memo", "swf player wizard", "Mei Jie alarm clock" and so on.

This is a common affiliate-style rogue promotion channel: any rogue software can take part, and is finally paid by the "Alliance" according to its installation volume.

The specific sample analysis follows:

The installation package of the mining program, the "Cloud Computing" installer, is downloaded from the official 2345 website (jifen.2345.com) and carries 2345's official signature.

Installation package file information

The package drops LoveCloud.exe, a mining program for the digital currency ZCoin. The user data in the program is stored encrypted, and the decryption is completed in CRTInit.

The code is shown below:

A 32-bit hash value is stored at offset +4 of the encrypted data and is used for data validation. After the data is validated, decrypt_data_by_xor is called to XOR-decrypt it (the key is 0x78817433563212F9, and the address of the data is stored in miner_data_base after decryption).

Decrypted data

The decrypted data contains the miner user name, password, mining pool address and other data.
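The validate-then-XOR handling described above, from the analyst's side, as an added example that is not code from the sample or from the original report. The page gives only the hash position (+4) and the key value; the length field at +0, the payload starting at +8, CRC32 as the 32-bit hash, the little-endian repeating key and the names `decrypt_blob`, `xor_stream` and `build_blob` are assumptions, and the sample configuration is constructed.

```python
import struct
import zlib

# Key value quoted in the analysis; applying it as 8 little-endian bytes is an assumption.
XOR_KEY = struct.pack("<Q", 0x78817433563212F9)
HEADER = struct.Struct("<II")  # assumed layout: payload length at +0, 32-bit hash at +4


def xor_stream(data: bytes, key: bytes = XOR_KEY) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def decrypt_blob(blob: bytes) -> bytes:
    """Validate the hash stored at offset +4, then XOR-decrypt the payload."""
    if len(blob) < HEADER.size:
        raise ValueError("blob shorter than header")
    length, stored_hash = HEADER.unpack_from(blob, 0)
    payload = blob[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    # CRC32 stands in for the sample's unnamed 32-bit hash (assumption).
    if zlib.crc32(payload) != stored_hash:
        raise ValueError("hash mismatch: wrong offset, or blob modified")
    return xor_stream(payload)


def build_blob(plaintext: bytes) -> bytes:
    """Build a constructed test blob in the assumed layout."""
    payload = xor_stream(plaintext)
    return HEADER.pack(len(payload), zlib.crc32(payload)) + payload


# Constructed sample data, not values from the real miner.
SAMPLE_CONFIG = b"user=example_worker;pass=x;pool=pool.example.invalid:3333"
SAMPLE_BLOB = build_blob(SAMPLE_CONFIG)

if __name__ == "__main__":
    print(decrypt_blob(SAMPLE_BLOB).decode())
    tampered = SAMPLE_BLOB[:-1] + bytes([SAMPLE_BLOB[-1] ^ 0xFF])
    try:
        decrypt_blob(tampered)
    except ValueError as exc:
        print("rejected:", exc)
```

Checking the hash before decrypting lets an extractor reject a blob carved from the wrong offset instead of emitting garbage as a pool address.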

Miner information

With the miner user name and password, the program can log in to the pool to receive tasks and execute the mining logic.

Pool login code

When the program detects that the number of CPUs in the current computer is greater than 2, it starts the mining logic.

Code logic
