MadMax 2.1.4 Trojan inside

Videce · January 24, 2024, 6:52pm

Hi, I got this first time ever in all my harvester, anybody else?

Trojan:Win32/Wacatac.B!ml
Alert level: Sever
Date: 1/24/2024 1:47 PM
Category:Trojan
Details: This program is dangerous and executes commands from an attacker.
Affected items:
file: C:\Users\harvester02\Desktop\chia-gigahorse-farmer\chia.exe
@madMAx43v3r

seymour.krelborn · January 24, 2024, 7:23pm

From where did you obtain the above “chia.exe” file?
What version of gigahorse are you running?
Which anti-virus software gave you that warning?

You can upload that chia.exe file to:

…and see if it concurs with your anti-virus’ report.

You can also, from a command prompt, run:

certutil -hashfile C:\Users\harvester02\Desktop\chia-gigahorse-farmer\chia.exe

Post the output from the above command in a reply here.
Others can do the same, with their gigahorse chia.exe file’s hash result.
Then we can see if your chia.exe file differs from what others have. But the same version of gigahorse would have to be hashed for the hash results to be useful.

The “certutil” program is packaged with Windows.

Videce · January 24, 2024, 7:30pm

Running

2.1.4.giga26 Gigahorse 2.0 Node / Farmer

C:>certutil -hashfile C:\Users\harvester-04\Desktop\chia-gigahorse-farmer\chia.exe
SHA1 hash of C:\Users\harvester-04\Desktop\chia-gigahorse-farmer\chia.exe:
e23167274ce8f9b8b81b767ee98e48e913835bdf
CertUtil: -hashfile command completed successfully.

Videce · January 24, 2024, 7:32pm

The regular Windows Security

Captain_Plots-a-lot · January 24, 2024, 7:55pm

I just downloaded and scanned the files from github and no flags on my end…

Voodoo · January 24, 2024, 7:57pm

I’ve had false flags before with gigahorse on windows

Captain_Plots-a-lot · January 24, 2024, 7:58pm

e23167274ce8f9b8b81b767ee98e48e913835bdf hash on Chia.exe as well. You might be right, possible false flag.

Videce · January 24, 2024, 8:16pm

I have installed previous version and no issues detected, it can be a false flag as you say

Jacek · January 24, 2024, 8:32pm

I got the same hash on mine, and my box didn’t whine about it. It is not really a proof, but …

MSoft is facing a lot of crap propagated from their github, thus their Defender detection heuristics are skewed toward false positives.

When Edge is used to download files, it gives an option to flag it as safe (the more people use it, the faster those heuristics are relaxed for a given build). Also, there is an option for the content owner to ask MSoft to whitelist a given repository; however, Max doesn’t want to go that route.

Still, Max should include the hashes for all those downloads, so if in doubt we could run those checks.

RATTL3R · January 24, 2024, 11:31pm

I run malwarebytes premium and defender. And saw never this, if that is any reassurance.

drhicom · January 24, 2024, 11:43pm

The download is good its your machine thats having an issue, use another machine and try. Or just select to keep the download etc.

Videce · January 25, 2024, 12:23am

no idea what happens, only chia is running on those machines, now I have downgraded to previous version and seems to be working fine

drhicom · January 25, 2024, 12:40am

Downloading chia 2.1.4 from Chia works

Downloading 2.1.4gigahorse26 from Max no issue also…

Voodoo · January 25, 2024, 10:04am

yeah, it’s probably because it detects some crypto mining stuff there. And there are plenty virusses that use the infected PC to mine crypto so makes sense that way.

Bladebit alpha/beta was also often flagged by defender.

Still no reason not to be cautious and do some double checking

Ronski · January 25, 2024, 10:21am

I’ve even had my own software flagged, I always double check on Virus Total.

QuintLeo · March 14, 2024, 4:28am

Windows garbage “anti-virus” is NOTORIOUS for false flags.
To be fair, some of the better programs ALSO false flag sometimes.