MadMax 2.1.4 Trojan inside

Hi, I got this for the first time ever on all my harvesters; anybody else?

Trojan:Win32/Wacatac.B!ml
Alert level: Sever
Date: 1/24/2024 1:47 PM
Category:Trojan
Details: This program is dangerous and executes commands from an attacker.
Affected items:
file: C:\Users\harvester02\Desktop\chia-gigahorse-farmer\chia.exe
@madMAx43v3r

From where did you obtain the above “chia.exe” file?
What version of gigahorse are you running?
Which anti-virus software gave you that warning?

You can upload that chia.exe file to:

…and see if it concurs with your anti-virus’ report.

You can also, from a command prompt, run:

certutil -hashfile C:\Users\harvester02\Desktop\chia-gigahorse-farmer\chia.exe

Post the output from the above command in a reply here.
Others can do the same, with their gigahorse chia.exe file’s hash result.
Then we can see if your chia.exe file differs from what others have. But the same version of gigahorse would have to be hashed for the hash results to be useful.

The “certutil” program is packaged with Windows.

1 Like

Running

2.1.4.giga26 Gigahorse 2.0 Node / Farmer

C:>certutil -hashfile C:\Users\harvester-04\Desktop\chia-gigahorse-farmer\chia.exe
SHA1 hash of C:\Users\harvester-04\Desktop\chia-gigahorse-farmer\chia.exe:
e23167274ce8f9b8b81b767ee98e48e913835bdf
CertUtil: -hashfile command completed successfully.

The regular Windows Security

I just downloaded and scanned the files from github and no flags on my end…

1 Like

I’ve had false flags before with gigahorse on windows

2 Likes

e23167274ce8f9b8b81b767ee98e48e913835bdf hash on Chia.exe as well. You might be right, possible false flag.

1 Like

I have installed the previous version and no issues were detected; it can be a false flag, as you say.

I got the same hash on mine, and my box didn’t whine about it. It is not really a proof, but …

MSoft is facing a lot of crap propagated from their github, thus their Defender detection heuristics are skewed toward false positives.

When Edge is used to download files, it gives an option to flag it as safe (the more people use it, the faster those heuristics are relaxed for a given build). Also, there is an option for the content owner to ask MSoft to whitelist a given repository; however, Max doesn’t want to go that route.

Still, Max should include the hashes for all those downloads, so if in doubt we could run those checks.

I run Malwarebytes Premium and Defender, and have never seen this, if that is any reassurance.

1 Like
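The two checks suggested earlier in the thread (hashing chia.exe and comparing the result with what others report for the same gigahorse version, and verifying against hashes the author would publish alongside the downloads) can be scripted. The block below is an added example, not code from the gigahorse project or from anyone in this thread. The manifest format (one `<sha256>  <filename>` line, as produced by `sha256sum`) and the host names, versions and the mismatching digests in the sample reports are constructed assumptions; gigahorse does not publish such a manifest.

```python
"""Verify a downloaded binary two ways, as discussed in the thread:
1. against a hash manifest published by the release author (assumed format), and
2. by comparing hashes reported by several machines for the same version.
Added example; not code from the gigahorse project."""
import hashlib
import hmac
import tempfile
from collections import defaultdict
from pathlib import Path


def file_hash(path, algorithm="sha256", chunk_size=1 << 20):
    """Stream the file through hashlib so large binaries need not fit in memory.
    Equivalent to `certutil -hashfile <path> SHA256` on Windows."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Parse a sha256sum-style manifest: one '<hex>  <filename>' per line.
    This manifest format is an assumption of the example."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        expected[name.strip().lstrip("*")] = digest.lower()
    return expected


def verify_against_manifest(path, manifest_text, algorithm="sha256"):
    """True only if the file's digest matches the manifest entry for its name.
    A file absent from the manifest is a failure, not 'unknown'."""
    expected = parse_manifest(manifest_text)
    name = Path(path).name
    if name not in expected:
        return False
    # compare_digest avoids leaking which prefix of the digest matched
    return hmac.compare_digest(file_hash(path, algorithm), expected[name])


def find_outliers(reports):
    """reports: iterable of (host, version, digest) as members post them.
    Hashes are only comparable within one version, so group by version;
    the majority digest is the reference and any other digest is flagged.
    A version reported by a single host cannot be judged and is listed apart."""
    by_version = defaultdict(list)
    for host, version, digest in reports:
        by_version[version].append((host, digest.lower()))
    outliers, unverifiable = [], []
    for entries in by_version.values():
        if len(entries) < 2:
            unverifiable.extend(h for h, _ in entries)
            continue
        counts = defaultdict(int)
        for _, d in entries:
            counts[d] += 1
        reference = max(counts, key=counts.get)
        outliers.extend(h for h, d in entries if d != reference)
    return sorted(outliers), sorted(unverifiable)


# Constructed sample reports: host names, versions and digests are made up
# for the example, except the first SHA1 which is the value posted above.
SAMPLE_REPORTS = [
    ("host-a", "2.1.4.giga26", "e23167274ce8f9b8b81b767ee98e48e913835bdf"),
    ("host-b", "2.1.4.giga26", "e23167274ce8f9b8b81b767ee98e48e913835bdf"),
    ("host-c", "2.1.4.giga26", "ff" * 20),  # constructed mismatch
    ("host-d", "2.1.3.giga25", "11" * 20),  # only report for its version
]


def demo():
    """Create a constructed file and manifest in a temp dir and run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "chia.exe"
        target.write_bytes(b"constructed sample bytes, not a real chia.exe\n")
        good_manifest = f"{file_hash(target)}  chia.exe\n"
        bad_manifest = "00" * 32 + "  chia.exe\n"  # constructed wrong digest
        manifest_ok = verify_against_manifest(target, good_manifest)
        manifest_bad = verify_against_manifest(target, bad_manifest)
    outliers, unverifiable = find_outliers(SAMPLE_REPORTS)
    return {"manifest_ok": manifest_ok, "manifest_bad": manifest_bad,
            "outliers": outliers, "unverifiable": unverifiable}


if __name__ == "__main__":
    print(demo())
```

`find_outliers` only says which host's file differs from the majority for a version; it cannot tell which copy is the genuine one, which is why a hash list published by the release author remains the stronger check.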

The download is good; it's your machine that's having an issue. Use another machine and try, or just select to keep the download, etc.

No idea what happened; only chia is running on those machines. Now I have downgraded to the previous version and it seems to be working fine.

Downloading chia 2.1.4 from Chia works

Downloading 2.1.4gigahorse26 from Max no issue also…

Yeah, it’s probably because it detects some crypto mining stuff there. And there are plenty of viruses that use the infected PC to mine crypto, so it makes sense that way.

Bladebit alpha/beta was also often flagged by defender.

Still no reason not to be cautious and do some double checking :wink:

I’ve even had my own software flagged, I always double check on Virus Total.