General

Malware Config

Signatures

Files

• 36a55d3cc8700f92e6c6491f8558cc65ed3fdbd2f7cb1fd22b4697d74184000e

  .zip
• xmrig.exe

  .exe windows x86

  2dc50d421d6356e960612a41f7705c8c

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DEBUG_STRIPPED

  Imports

  advapi32

  AdjustTokenPrivileges

  CryptAcquireContextA

  CryptAcquireContextW

  CryptCreateHash

  CryptDecrypt

  CryptDestroyHash

  CryptDestroyKey

  CryptEnumProvidersW

  CryptExportKey

  CryptGenRandom

  CryptGetProvParam

  CryptGetUserKey

  CryptReleaseContext

  CryptSetHashParam

  CryptSignHashW

  DeregisterEventSource

  GetTokenInformation

  GetUserNameW

  LookupPrivilegeValueW

  LsaAddAccountRights

  LsaClose

  LsaOpenPolicy

  OpenProcessToken

  RegCloseKey

  RegOpenKeyExW

  RegQueryValueExW

  RegisterEventSourceW

  ReportEventW

  crypt32

  CertCloseStore

  CertDuplicateCertificateContext

  CertEnumCertificatesInStore

  CertFindCertificateInStore

  CertFreeCertificateContext

  CertGetCertificateContextProperty

  CertOpenStore

  iphlpapi

  GetAdaptersAddresses

  kernel32

  AddVectoredExceptionHandler

  AssignProcessToJobObject

  CancelIo

  CloseHandle

  ConnectNamedPipe

  ConvertFiberToThread

  ConvertThreadToFiber

  CopyFileW

  CreateDirectoryW

  CreateEventA

  CreateFiber

  CreateFileA

  CreateFileW

  CreateHardLinkW

  CreateIoCompletionPort

  CreateJobObjectW

  CreateNamedPipeA

  CreateNamedPipeW

  CreateProcessW

  CreateSemaphoreA

  CreateSemaphoreW

  CreateToolhelp32Snapshot

  DebugBreak

  DeleteCriticalSection

  DeleteFiber

  DeviceIoControl

  DuplicateHandle

  EnterCriticalSection

  ExpandEnvironmentStringsA

  FileTimeToSystemTime

  FillConsoleOutputAttribute

  FillConsoleOutputCharacterW

  FindClose

  FindFirstFileW

  FindNextFileW

  FindResourceW

  FlushFileBuffers

  FlushInstructionCache

  FormatMessageA

  FormatMessageW

  FreeConsole

  FreeLibrary

  GetConsoleCursorInfo

  GetConsoleMode

  GetConsoleScreenBufferInfo

  GetConsoleTitleW

  GetConsoleWindow

  GetCurrentDirectoryW

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThread

  GetCurrentThreadId

  GetEnvironmentVariableW

  GetExitCodeProcess

  GetFileAttributesA

  GetFileAttributesW

  GetFileInformationByHandle

  GetFileType

  GetHandleInformation

  GetLargePageMinimum

  GetLastError

  GetLongPathNameW

  GetModuleFileNameA

  GetModuleFileNameW

  GetModuleHandleA

  GetModuleHandleExW

  GetModuleHandleW

  GetNamedPipeHandleStateA

  GetNumberOfConsoleInputEvents

  GetProcAddress

  GetProcessAffinityMask

  GetProcessIoCounters

  GetProcessTimes

  GetQueuedCompletionStatus

  GetShortPathNameW

  GetStartupInfoA

  GetStartupInfoW

  GetStdHandle

  GetSystemInfo

  GetSystemTime

  GetSystemTimeAdjustment

  GetSystemTimeAsFileTime

  GetTempPathW

  GetThreadContext

  GetThreadPriority

  GetThreadTimes

  GetTickCount64

  GetTickCount

  GetVersion

  GlobalMemoryStatusEx

  InitializeCriticalSection

  InitializeCriticalSectionAndSpinCount

  IsDBCSLeadByteEx

  IsDebuggerPresent

  LCMapStringW

  LeaveCriticalSection

  LoadLibraryA

  LoadLibraryExW

  LoadLibraryW

  LoadResource

  LocalAlloc

  LocalFree

  LockResource

  MoveFileExW

  MultiByteToWideChar

  OpenProcess

  OutputDebugStringA

  PeekNamedPipe

  PostQueuedCompletionStatus

  Process32First

  Process32Next

  QueryPerformanceCounter

  QueryPerformanceFrequency

  QueueUserWorkItem

  RaiseException

  ReadConsoleA

  ReadConsoleInputW

  ReadConsoleW

  ReadDirectoryChangesW

  ReadFile

  RegisterWaitForSingleObject

  ReleaseSemaphore

  RemoveDirectoryW

  RemoveVectoredExceptionHandler

  ResetEvent

  ResumeThread

  SetConsoleCtrlHandler

  SetConsoleCursorInfo

  SetConsoleCursorPosition

  SetConsoleMode

  SetConsoleTextAttribute

  SetConsoleTitleA

  SetConsoleTitleW

  SetCurrentDirectoryW

  SetEnvironmentVariableW

  SetErrorMode

  SetEvent

  SetFilePointerEx

  SetFileTime

  SetHandleInformation

  SetInformationJobObject

  SetLastError

  SetNamedPipeHandleState

  SetPriorityClass

  SetProcessAffinityMask

  SetSystemTime

  SetThreadAffinityMask

  SetThreadContext

  SetThreadPriority

  SetUnhandledExceptionFilter

  SizeofResource

  Sleep

  SuspendThread

  SwitchToFiber

  SwitchToThread

  SystemTimeToFileTime

  TerminateProcess

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  TryEnterCriticalSection

  UnhandledExceptionFilter

  UnregisterWait

  UnregisterWaitEx

  VerSetConditionMask

  VerifyVersionInfoA

  VirtualAlloc

  VirtualFree

  VirtualProtect

  VirtualQuery

  WaitForMultipleObjects

  WaitForSingleObject

  WaitNamedPipeW

  WideCharToMultiByte

  WriteConsoleInputW

  WriteConsoleW

  WriteFile

  msvcrt

  __doserrno

  __getmainargs

  __initenv

  __lconv_init

  __mb_cur_max

  __p___argv

  __p__acmdln

  __p__fmode

  __set_app_type

  __setusermatherr

  _aligned_free

  _aligned_malloc

  _amsg_exit

  _assert

  _beginthreadex

  _cexit

  _close

  _close

  _endthreadex

  _errno

  _exit

  _fdopen

  _filelengthi64

  _fileno

  _fileno

  _findclose

  _findfirst

  _findnext

  _fmode

  _fstat

  _fstat64

  _fullpath

  _get_osfhandle

  _initterm

  _iob

  _lock

  _lseeki64

  _mkdir

  _onexit

  _open

  _open_osfhandle

  _read

  _setjmp3

  _setmode

  _snwprintf

  _stat

  _stat

  _strdup

  _strdup

  _stricmp

  _strnicmp

  _read

  _ultoa

  _umask

  _unlock

  _vsnprintf

  _vsnwprintf

  _wchmod

  _wcsdup

  _wcsnicmp

  _wcsrev

  _wfopen

  _wmkdir

  _wopen

  _write

  _write

  _wrmdir

  abort

  atof

  atoi

  calloc

  clock

  exit

  fclose

  feof

  ferror

  fflush

  fgetpos

  fgets

  fopen

  fprintf

  fputc

  fputs

  ftell

  fread

  free

  fseek

  fsetpos

  fwrite

  getc

  getenv

  getwc

  gmtime

  islower

  isspace

  isupper

  localtime

  iswctype

  localeconv

  longjmp

  malloc

  memset

  memchr

  memcmp

  memcpy

  memmove

  printf

  putc

  putchar

  puts

  putwc

  qsort

  raise

  rand

  realloc

  setlocale

  setvbuf

  signal

  sprintf

  srand

  sscanf

  strcat

  strchr

  strcmp

  strcoll

  strcpy

  strcspn

  strerror

  strftime

  strlen

  strncmp

  strncpy

  strrchr

  strspn

  strstr

  strtol

  strtoul

  strxfrm

  time

  tolower

  toupper

  towlower

  towupper

  ungetc

  ungetwc

  vfprintf

  wcschr

  wcscmp

  wcscoll

  wcscpy

  wcsftime

  wcslen

  wcsncmp

  wcsncpy

  wcspbrk

  wcsrchr

  wcsstr

  wcstombs

  wcsxfrm

  psapi

  GetProcessMemoryInfo

  shell32

  SHGetSpecialFolderPathA

  user32

  DispatchMessageA

  GetMessageA

  GetProcessWindowStation

  GetUserObjectInformationW

  MapVirtualKeyW

  MessageBoxW

  SetWinEventHook

  ShowWindow

  TranslateMessage

  userenv

  GetUserProfileDirectoryW

  ws2_32

  FreeAddrInfoW

  GetAddrInfoW

  WSACleanup

  WSADuplicateSocketW

  WSAGetLastError

  WSAIoctl

  WSARecv

  WSARecvFrom

  WSASend

  WSASendTo

  WSASetLastError

  WSASocketW

  WSAStartup

  accept

  bind

  closesocket

  connect

  freeaddrinfo

  getaddrinfo

  gethostbyname

  gethostname

  getnameinfo

  getpeername

  getsockname

  getsockopt

  htonl

  htons

  ioctlsocket

  listen

  ntohs

  recv

  select

  send

  setsockopt

  shutdown

  socket

  Sections

  .text

  Size: 5.3MB - Virtual size: 5.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 256KB - Virtual size: 255KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 611KB - Virtual size: 611KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .eh_fram

  Size: 791KB - Virtual size: 791KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 605KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 12KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 8B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE