Bitcoin trojans are a go!

Nerds and their cryptocurrency are soon departed. So it’s no surprise then that viruses and trojans are popping up like weeds.

ThreatExpert just did an analysis on one recent example. Look at the handiwork of this guy!

 

  • The following files were created in the system:
| # | Filename(s) | File Size | File Hash |
|---|---|---|---|
| 1 | %AppData%\Bitcoin\.lock, %AppData%\Bitcoin\db.log | 0 bytes | MD5: 0xD41D8CD98F00B204E9800998ECF8427E, SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
| 2 | %AppData%\Bitcoin\addr.dat | 32,768 bytes | MD5: 0x889D8986F64AEF69D2D61BF99B0D42E8, SHA-1: 0x6BC7086BF7845C4F1AF77C4C8A9653A2DF6C8567 |
| 3 | %AppData%\Bitcoin\blk0001.dat | 293 bytes | MD5: 0xFBA6C2DDB443F778F5CFD55B3CA2AC82, SHA-1: 0x236DCF6F439073ACC6B3BC4FDB134619CC6FF062 |
| 4 | %AppData%\Bitcoin\blkindex.dat | 32,768 bytes | MD5: 0x34BC471413DCECF942CB3C1DED012D1E, SHA-1: 0xF6E9B68316EDF2831605113A1CA55664C1A762BA |
| 5 | %AppData%\Bitcoin\database\log.0000000001 | 10,000,000 bytes | MD5: 0xD13E23C1624D2F198FDADBA2F9BD6952, SHA-1: 0x45E3752B9F32508FC0C9E9DA007890DB97C3F227 |
| 6 | %AppData%\Bitcoin\debug.log | 2,454 bytes | MD5: 0x6C9806B2D2F2F1A01ACFA23546B2A22A, SHA-1: 0x18D9B26320D1DF1215685B724B4D92EA0A5D7BE7 |
| 7 | %AppData%\Bitcoin\wallet.dat | 32,768 bytes | MD5: 0xBF0F5C3E805ED07DA5A592AF61851407, SHA-1: 0xADC02A501AB4856A5EC832F9CC66A093007C12FD |
| 8 | %AppData%\Bitcoin\__db.001 | 24,576 bytes | MD5: 0x1DDEFBC173EADBF98AB3EC4BB72E492B, SHA-1: 0x1DBD5BF0AB6C7B442296CAECEBB345F490A0DD87 |
| 9 | %AppData%\Bitcoin\__db.002 | 507,904 bytes | MD5: 0x4CF247930C14BFECDD819E1EE0E10F67, SHA-1: 0xE8D39BA2AB7D8090A6C92AACD66C11926F5239F0 |
| 10 | %AppData%\Bitcoin\__db.003 | 270,336 bytes | MD5: 0xD60839A41D6C0BB9DEC441E64F083A3E, SHA-1: 0x278FC787C346DDF97876FB93BFC40558C1B28736 |
| 11 | %AppData%\Bitcoin\__db.004 | 98,304 bytes | MD5: 0xBFE6A246E9F87AAE9622B00E8DE79ACD, SHA-1: 0x1AD4796B86BEF477CCB9AEC6172198673B42E24A |
| 12 | %AppData%\Bitcoin\__db.005 | 4,005,888 bytes | MD5: 0x39AE37C762AE2EE921D9A08D3033715A, SHA-1: 0x2146AB7E604F556BCACDE2E4B6F079BD5AA2B871 |
| 13 | %AppData%\Bitcoin\__db.006 | 49,152 bytes | MD5: 0x75239342D82CB9E7976C2DFE0261829B, SHA-1: 0x51515E82B58C29D26014E7C5E5ECF55E882729DB |
| 14 | [file and pathname of the sample #1] | 4,878,848 bytes | MD5: 0x74E7862A05A7166D2F22DBB74F4025DB, SHA-1: 0x917B96C62E0ED680CB592AF951CE6F10F94EA29D |

 

Looks like we’re going to see a lot of people losing their “money” soon.