It's the auto updater.

bait
show proof

Originally posted by stez:

So I have stumbled upon this Gaijin auto updater called gjagent.exe which is permanently running in the background. Out of curiosity, I have opended its logfiles and saw:

0.00 [D] CPU mining off

this has sparked further interest, so I have done some further analysis of the exe. I found strings like:

minerid.v1.id
New miner id {%s} generated
gjminercpu.exe
gjminercpu64.exe
Miner is already running
-o gaijin-miner-pool.gaijinent.com:27021 -u %S --no-color

nothing conclusive, but it certainly does look suspitious. Perhaps Gaijin is laying a foundation for some throttled cpu based cryptocurrency mining, which noone would notice? Anyone dares to do some deeper analysis of the exe?

It's pretty obvious it's using us to mine money for them. Im disabling it immedietly.

No! I FIGURED IT OUT! Every time you fail to kill an IS6, the bitcoin value increases by .00000000000000000000000000000000000001! I HAVE SOLVED THE PUZZLE PAT!!! GIMME A TRIP TO THE GULAG!!!!

It's the CIA sending mind control radio waves via a Russian made game to control your mind. Quick get that tin foil hat on and watch for chem trails.

This could just be how it pings the server and relays information; also miners spawn workers. Not other miners; so i doubt it's a bitcoin miner at all. Plus CPUs are such trash for mining all but a few coins which are speculative; il look at it when i get home but it would be nice for rellik or raiden to look at this.

Originally posted by Spent Casing:

It's the CIA sending mind control radio waves via a Russian made game to control your mind. Quick get that tin foil hat on and watch for chem trails.

Very funny. Its obviously the same Russian hackers that stole the election using our computers to mine our uranium for the Clintons.

No No No... its a program that investigates what sounds you don't like hearing (that you close as soon as you hear them) and that is what they change the engines sounds on the planes to in future updates.

This update they got the B17E. Sounds like a VW bug with no muffler. FML!

Originally posted by stez:

nothing conclusive, but it certainly does look suspitious. Perhaps Gaijin is laying a foundation for some throttled cpu based cryptocurrency mining, which noone would notice? Anyone dares to do some deeper analysis of the exe?

nice find...

it indeed looks as if Gaijin is preparing some sort of cryptocurrency mining.

while it doesn't seem to be active by default yet and even enabling it manually doesn't seem to get the mining process running there are several hints about it... you can even download the mining tool manually and analyze or even run it ^^

...or upload it to a analyzing website like virustotal.com which will give you a mixed result =/
https://www.virustotal.com/#/file/0d302e6895b58d35b9529f3e90529e6dbd6ee19a84c9fd5c57d81beb1d783fda/detection

the miner appears to be based on XMRig ( https://github.com/xmrig/xmrig ) which is a Monero miner ( https://en.wikipedia.org/wiki/Monero_(cryptocurrency) )


edit: forgot to mention that this could be used to mine a Gaijin exclusive 'currency' (as there are Gaijin.coin mentioned in the files) rather than a public internet currency... something like origin or bioware points to be able to buy ingame content. it doesn't necessarily mean that we are about to mine 'money' for Gaijin ;)

Originally posted by relliK:

Originally posted by stez:

nothing conclusive, but it certainly does look suspitious. Perhaps Gaijin is laying a foundation for some throttled cpu based cryptocurrency mining, which noone would notice? Anyone dares to do some deeper analysis of the exe?

nice find...

it indeed looks as if Gaijin is preparing some sort of cryptocurrency mining.

while it doesn't seem to be active by default yet and even enabling it manually doesn't seem to get the mining process running there are several hints about it... you can even download the mining tool manually and analyze or even run it ^^

...or upload it to a analyzing website like virustotal.com which will give you a mixed result =/
https://www.virustotal.com/#/file/0d302e6895b58d35b9529f3e90529e6dbd6ee19a84c9fd5c57d81beb1d783fda/detection

the miner appears to be based on XMRig ( https://github.com/xmrig/xmrig ) which is a Monero miner ( https://en.wikipedia.org/wiki/Monero_(cryptocurrency) )

Wow; that's sketchy as ♥♥♥♥.

Originally posted by stez:

So I have stumbled upon this Gaijin auto updater called gjagent.exe which is permanently running in the background. Out of curiosity, I have opended its logfiles

How do you even open the log files?

I've tried doing it myself but can't find it.

this explain why they installed this "autoupdate"... open the launcher and let it update was too simple? why add a permanet resident in memory "autoupdater"??? this seems a good explaination.

Originally posted by Chaotic Harmony:

This could just be how it pings the server and relays information; also miners spawn workers. Not other miners; so i doubt it's a bitcoin miner at all. Plus CPUs are such trash for mining all but a few coins which are speculative; il look at it when i get home but it would be nice for rellik or raiden to look at this.

Did you read about the scheme Pirte Bay was testing? They were mining using your CPU while you were browsing the page. The combined power of all visitors is huge despite the fact that only a CPU is used. We will definitely see this approach more and more.

Edit: as was pointed out, they are using the Monero currency (or some derivate - but I highly doubt that). Monero is much more CPU focused: "Monero uses the CryptoNight Proof of Work (PoW) algorithm, which is designed for use in ordinary CPUs"

Originally posted by relliK:

Originally posted by stez:

nothing conclusive, but it certainly does look suspitious. Perhaps Gaijin is laying a foundation for some throttled cpu based cryptocurrency mining, which noone would notice? Anyone dares to do some deeper analysis of the exe?

nice find...

it indeed looks as if Gaijin is preparing some sort of cryptocurrency mining.

while it doesn't seem to be active by default yet and even enabling it manually doesn't seem to get the mining process running there are several hints about it... you can even download the mining tool manually and analyze or even run it ^^

...or upload it to a analyzing website like virustotal.com which will give you a mixed result =/
https://www.virustotal.com/#/file/0d302e6895b58d35b9529f3e90529e6dbd6ee19a84c9fd5c57d81beb1d783fda/detection

the miner appears to be based on XMRig ( https://github.com/xmrig/xmrig ) which is a Monero miner ( https://en.wikipedia.org/wiki/Monero_(cryptocurrency) )


edit: forgot to mention that this could be used to mine a Gaijin exclusive 'currency' (as there are Gaijin.coin mentioned in the files) rather than a public internet currency... something like origin or bioware points to be able to buy ingame content. it doesn't necessarily mean that we are about to mine 'money' for Gaijin ;)

One would expect that if they developed their currency, that it would be a premined currency and they would hold it all initially, but who knows...

luminarty confirdmedded