xmrig | 2804bed9792783532206e5b7595cc9df1632d28e4b0e328c52b66d76f24e20d4

Sharing

Copy URL

Twitter E-mail

General

Target

2804bed9792783532206e5b7595cc9df1632d28e4b0e328c52b66d76f24e20d4
Size

3.1MB
MD5

176f18885af9ebbdd51b11974d615d69
SHA1

f6e7db8ef5f39a9433bdaf69ab5bdebd410a894d
SHA256

2804bed9792783532206e5b7595cc9df1632d28e4b0e328c52b66d76f24e20d4
SHA512

aee022a26d214454ec32378f1772daae2921f90e9238a371cd4fe0b5644e4243548c4bdccb5048fa3f60f5c152e1e177a05c6dbc01e67d5189a80f8df67cc5c8
SSDEEP

98304:8w7Uv3+272boDZHaWhEnVsVltONtlIW8:8AUv3+27uq6WhE+W

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner Payload 1 IoCs
miner

Processes:

resource yara_rule

sample xmrig
Xmrig family
xmrig

resource	yara_rule
sample	xmrig

Files

2804bed9792783532206e5b7595cc9df1632d28e4b0e328c52b66d76f24e20d4
.exe windows x64

88590fd87082064ba13b6778bc2a1589

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSACleanup
WSARecvFrom
htons
send
socket
gethostname
recv
getnameinfo
__WSAFDIsSet
accept
bind
WSAIoctl
closesocket
WSASend
select
ntohl
shutdown
listen
WSASetLastError
WSASocketW
getaddrinfo
getpeername
getsockname
ntohs
connect
WSAAddressToStringW
WSARecv
getsockopt
htonl
freeaddrinfo
ioctlsocket
setsockopt
WSAGetLastError
WSAStartup

kernel32

TlsSetValue
SetLastError
EnterCriticalSection
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
WaitForSingleObject
PostQueuedCompletionStatus
CreateEventW
Sleep
GetLastError
SetEvent
TerminateThread
TlsAlloc
CloseHandle
QueueUserAPC
DeleteCriticalSection
VerSetConditionMask
WideCharToMultiByte
SleepEx
VerifyVersionInfoW
TlsGetValue
TlsFree
CreateIoCompletionPort
GetStdHandle
SetConsoleMode
GetConsoleMode
FreeConsole
GetConsoleWindow
VirtualFree
GetCurrentProcess
VirtualAlloc
LocalAlloc
LocalFree
FlushInstructionCache
SetPriorityClass
SetThreadPriority
GetCurrentThread
GetProcAddress
GetModuleHandleW
SetThreadAffinityMask
FormatMessageA
SetConsoleCtrlHandler
InitializeCriticalSection
SetErrorMode
GetQueuedCompletionStatusEx
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RegisterWaitForSingleObject
UnregisterWait
GetConsoleCursorInfo
CreateFileW
DuplicateHandle
QueueUserWorkItem
MultiByteToWideChar
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
CreateFileA
ReadConsoleW
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
SetConsoleCursorPosition
SleepConditionVariableCS
TryEnterCriticalSection
ReleaseSemaphore
WakeConditionVariable
InitializeConditionVariable
ResumeThread
CreateSemaphoreW
CreateSemaphoreA
CreateEventA
GetFileType
GetModuleFileNameW
SetEnvironmentVariableW
GetEnvironmentVariableW
QueryDepthSList
SetWaitableTimer
FileTimeToSystemTime
QueryPerformanceFrequency
GetSystemInfo
GetCurrentDirectoryW
GetCurrentProcessId
QueryPerformanceCounter
CreateDirectoryW
ReadFile
WriteFile
DeviceIoControl
RemoveDirectoryW
GetFinalPathNameByHandleW
SetFileTime
ReOpenFile
CreateHardLinkW
GetFileAttributesW
GetFileInformationByHandle
SetFilePointerEx
MoveFileExW
CopyFileW
CreateSymbolicLinkW
FlushFileBuffers
SetHandleInformation
CancelIo
DebugBreak
SetNamedPipeHandleState
CreateNamedPipeW
PeekNamedPipe
CancelSynchronousIo
RtlUnwind
CancelIoEx
SwitchToThread
ConnectNamedPipe
GetLongPathNameW
ReadDirectoryChangesW
GetModuleHandleA
LoadLibraryA
TerminateProcess
UnregisterWaitEx
LCMapStringW
CreateProcessW
GetExitCodeProcess
GetStartupInfoW
CreateWaitableTimerW
GetSystemTimeAsFileTime
GetSystemTime
SystemTimeToFileTime
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
ConvertFiberToThread
ConvertThreadToFiber
GetTickCount
GlobalMemoryStatus
ReadConsoleA
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualProtect
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
InterlockedFlushSList
LoadLibraryW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
ExitThread
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
SetStdHandle
GetConsoleCP
GetFileAttributesExW
SetFileAttributesW
ExitProcess
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
HeapFree
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
HeapSize
GetFileSizeEx
GetTimeZoneInformation
GetFullPathNameW
FindFirstFileExW
IsValidCodePage
GetACP
GetProcessAffinityMask
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetEndOfFile
GetNamedPipeHandleStateA
GetCurrentThreadId
WaitForSingleObjectEx
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
GetLocaleInfoW
GetStringTypeW
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
CreateTimerQueue
SignalObjectAndWait
CreateThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
MapVirtualKeyW
DispatchMessageA
TranslateMessage
ShowWindow
GetMessageA

advapi32

RegisterEventSourceW
LsaClose
LsaAddAccountRights
LsaOpenPolicy
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
GetTokenInformation
DeregisterEventSource
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 692KB - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88590fd87082064ba13b6778bc2a1589

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

crypt32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 692KB - Virtual size: 692KB

.data Size: 75KB - Virtual size: 98KB

.pdata Size: 100KB - Virtual size: 100KB

_TEXT_CN Size: 32KB - Virtual size: 31KB

_TEXT_CN Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 692KB - Virtual size: 692KB

.data
Size: 75KB - Virtual size: 98KB

.pdata
Size: 100KB - Virtual size: 100KB

_TEXT_CN
Size: 32KB - Virtual size: 31KB

_TEXT_CN
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 27KB - Virtual size: 27KB