General

Malware Config

Signatures

Files

• xmrig.exe

  .exe windows x64

  7d4194081d199b3a1f9fc6493f4e1b97

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DEBUG_STRIPPED

  Imports

  advapi32

  AdjustTokenPrivileges

  AllocateAndInitializeSid

  CloseServiceHandle

  ControlService

  CreateServiceW

  CryptAcquireContextW

  CryptCreateHash

  CryptDecrypt

  CryptDestroyHash

  CryptDestroyKey

  CryptEnumProvidersW

  CryptExportKey

  CryptGenRandom

  CryptGetProvParam

  CryptGetUserKey

  CryptReleaseContext

  CryptSetHashParam

  CryptSignHashW

  DeleteService

  DeregisterEventSource

  FreeSid

  GetSecurityInfo

  GetTokenInformation

  GetUserNameW

  LookupPrivilegeValueW

  LsaAddAccountRights

  LsaClose

  LsaOpenPolicy

  OpenProcessToken

  OpenSCManagerW

  OpenServiceW

  QueryServiceConfigA

  QueryServiceStatus

  RegCloseKey

  RegGetValueW

  RegOpenKeyExW

  RegQueryValueExW

  RegisterEventSourceW

  ReportEventW

  SetEntriesInAclA

  SetSecurityInfo

  StartServiceW

  SystemFunction036

  crypt32

  CertCloseStore

  CertDuplicateCertificateContext

  CertEnumCertificatesInStore

  CertFindCertificateInStore

  CertFreeCertificateContext

  CertGetCertificateContextProperty

  CertOpenStore

  iphlpapi

  ConvertInterfaceIndexToLuid

  ConvertInterfaceLuidToNameW

  GetAdaptersAddresses

  kernel32

  AddVectoredExceptionHandler

  AssignProcessToJobObject

  CancelIo

  CancelIoEx

  CancelSynchronousIo

  CloseHandle

  ConnectNamedPipe

  ConvertFiberToThread

  ConvertThreadToFiber

  CopyFileW

  CreateDirectoryW

  CreateEventA

  CreateFiber

  CreateFileA

  CreateFileMappingA

  CreateFileW

  CreateHardLinkW

  CreateIoCompletionPort

  CreateJobObjectW

  CreateNamedPipeA

  CreateNamedPipeW

  CreateProcessW

  CreateSemaphoreA

  CreateSemaphoreW

  CreateSymbolicLinkW

  CreateToolhelp32Snapshot

  DebugBreak

  DeleteCriticalSection

  DeleteFiber

  DeviceIoControl

  DuplicateHandle

  EnterCriticalSection

  ExpandEnvironmentStringsA

  FileTimeToSystemTime

  FillConsoleOutputAttribute

  FillConsoleOutputCharacterW

  FindClose

  FindFirstFileW

  FindNextFileW

  FindResourceW

  FlushFileBuffers

  FlushInstructionCache

  FlushViewOfFile

  FormatMessageA

  FormatMessageW

  FreeConsole

  FreeEnvironmentStringsW

  FreeLibrary

  GetComputerNameA

  GetConsoleCursorInfo

  GetConsoleMode

  GetConsoleScreenBufferInfo

  GetConsoleTitleW

  GetConsoleWindow

  GetCurrentDirectoryW

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThread

  GetCurrentThreadId

  GetDiskFreeSpaceW

  GetEnvironmentStringsW

  GetEnvironmentVariableW

  GetExitCodeProcess

  GetFileAttributesA

  GetFileAttributesW

  GetFileInformationByHandle

  GetFileInformationByHandleEx

  GetFileSizeEx

  GetFileType

  GetFinalPathNameByHandleW

  GetFullPathNameW

  GetHandleInformation

  GetLargePageMinimum

  GetLastError

  GetLongPathNameW

  GetModuleFileNameA

  GetModuleFileNameW

  GetModuleHandleA

  GetModuleHandleExW

  GetModuleHandleW

  GetNamedPipeHandleStateA

  GetNativeSystemInfo

  GetNumberOfConsoleInputEvents

  GetPriorityClass

  GetProcAddress

  GetProcessAffinityMask

  GetProcessHeap

  GetProcessIoCounters

  GetProcessTimes

  GetQueuedCompletionStatus

  GetShortPathNameW

  GetStartupInfoA

  GetStartupInfoW

  GetStdHandle

  GetSystemFirmwareTable

  GetSystemInfo

  GetSystemPowerStatus

  GetSystemTime

  GetSystemTimeAdjustment

  GetSystemTimeAsFileTime

  GetTempPathW

  GetThreadContext

  GetThreadPriority

  GetThreadTimes

  GetTickCount

  GetTickCount64

  GetVersion

  GetVersionExA

  GetVersionExW

  GlobalMemoryStatusEx

  HeapAlloc

  HeapFree

  InitializeConditionVariable

  InitializeCriticalSection

  InitializeCriticalSectionAndSpinCount

  IsDBCSLeadByteEx

  IsDebuggerPresent

  K32GetProcessMemoryInfo

  LCMapStringW

  LeaveCriticalSection

  LoadLibraryA

  LoadLibraryExW

  LoadLibraryW

  LoadResource

  LocalAlloc

  LocalFree

  LockResource

  MapViewOfFile

  MoveFileExW

  MultiByteToWideChar

  OpenProcess

  OutputDebugStringA

  PeekNamedPipe

  PostQueuedCompletionStatus

  Process32First

  Process32Next

  QueryPerformanceCounter

  QueryPerformanceFrequency

  QueueUserWorkItem

  RaiseException

  ReOpenFile

  ReadConsoleA

  ReadConsoleInputW

  ReadConsoleW

  ReadDirectoryChangesW

  ReadFile

  RegisterWaitForSingleObject

  ReleaseSemaphore

  RemoveDirectoryW

  RemoveVectoredExceptionHandler

  ResetEvent

  ResumeThread

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlUnwindEx

  RtlVirtualUnwind

  SetConsoleCtrlHandler

  SetConsoleCursorInfo

  SetConsoleCursorPosition

  SetConsoleMode

  SetConsoleTextAttribute

  SetConsoleTitleA

  SetConsoleTitleW

  SetCurrentDirectoryW

  SetEnvironmentVariableW

  SetErrorMode

  SetEvent

  SetFileCompletionNotificationModes

  SetFilePointerEx

  SetFileTime

  SetHandleInformation

  SetInformationJobObject

  SetLastError

  SetNamedPipeHandleState

  SetPriorityClass

  SetProcessAffinityMask

  SetSystemTime

  SetThreadAffinityMask

  SetThreadContext

  SetThreadPriority

  SetUnhandledExceptionFilter

  SizeofResource

  Sleep

  SleepConditionVariableCS

  SuspendThread

  SwitchToFiber

  SwitchToThread

  SystemTimeToFileTime

  TerminateProcess

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  TryEnterCriticalSection

  UnmapViewOfFile

  UnregisterWait

  UnregisterWaitEx

  VerSetConditionMask

  VerifyVersionInfoA

  VirtualAlloc

  VirtualFree

  VirtualProtect

  VirtualQuery

  WaitForMultipleObjects

  WaitForSingleObject

  WaitNamedPipeW

  WakeAllConditionVariable

  WakeConditionVariable

  WideCharToMultiByte

  WriteConsoleInputW

  WriteConsoleW

  WriteFile

  __C_specific_handler

  msvcrt

  ___lc_codepage_func

  ___mb_cur_max_func

  __argv

  __doserrno

  __getmainargs

  __initenv

  __iob_func

  __set_app_type

  __setusermatherr

  _acmdln

  _amsg_exit

  _assert

  _beginthreadex

  _cexit

  _close

  _close

  _commode

  _endthreadex

  _errno

  _exit

  _fdopen

  _filelengthi64

  _fileno

  _findclose

  _fileno

  _findfirst64

  _findnext64

  _fmode

  _fstat64

  _fullpath

  _get_osfhandle

  _gmtime64

  _initterm

  _isatty

  _localtime64

  _lock

  _lseeki64

  _mkdir

  _onexit

  _open

  _open_osfhandle

  _putenv

  _read

  _read

  _setjmp

  _setmode

  _snwprintf

  _stat64

  _stricmp

  _strdup

  _strdup

  _strnicmp

  _time64

  _ultoa

  _unlock

  _umask

  _vscprintf

  _vsnprintf

  _vsnwprintf

  _wchmod

  _wcsdup

  _wcsnicmp

  _wcsrev

  _wfopen

  _wopen

  _write

  _wrmdir

  abort

  atof

  atoi

  calloc

  exit

  fclose

  feof

  ferror

  fflush

  fgetpos

  fgets

  fopen

  fprintf

  fputc

  fputs

  fread

  free

  fseek

  fsetpos

  ftell

  fwrite

  getc

  getenv

  getwc

  islower

  isspace

  isupper

  iswctype

  isxdigit

  _write

  localeconv

  longjmp

  malloc

  memchr

  memcmp

  memcpy

  memmove

  memset

  printf

  putc

  putwc

  qsort

  raise

  realloc

  rand

  setlocale

  setvbuf

  signal

  sprintf

  srand

  strcat

  strchr

  strcmp

  strcoll

  strcpy

  strcspn

  strerror

  strftime

  strlen

  strncmp

  strncpy

  strrchr

  strspn

  strstr

  strtol

  strtoul

  strxfrm

  tolower

  toupper

  towlower

  towupper

  ungetc

  vfprintf

  ungetwc

  wcschr

  wcscmp

  wcscoll

  wcscpy

  wcsftime

  wcslen

  wcsncmp

  wcsncpy

  wcspbrk

  wcsrchr

  wcsstr

  wcstombs

  wcsxfrm

  ole32

  CoCreateInstance

  CoInitializeEx

  CoUninitialize

  shell32

  SHGetSpecialFolderPathA

  user32

  DispatchMessageA

  GetLastInputInfo

  GetMessageA

  GetProcessWindowStation

  GetSystemMetrics

  GetUserObjectInformationW

  MapVirtualKeyW

  MessageBoxW

  ShowWindow

  TranslateMessage

  userenv

  GetUserProfileDirectoryW

  ws2_32

  FreeAddrInfoW

  GetAddrInfoW

  WSACleanup

  WSADuplicateSocketW

  WSAGetLastError

  WSAGetOverlappedResult

  WSAIoctl

  WSARecv

  WSARecvFrom

  WSASend

  WSASendTo

  WSASetLastError

  WSASocketW

  WSAStartup

  accept

  bind

  closesocket

  connect

  freeaddrinfo

  getaddrinfo

  gethostbyname

  gethostname

  getnameinfo

  getpeername

  getsockname

  getsockopt

  htonl

  htons

  ioctlsocket

  listen

  ntohs

  recv

  select

  send

  setsockopt

  shutdown

  socket

  Sections

  .text

  Size: 6.0MB - Virtual size: 6.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 65KB - Virtual size: 65KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 1.4MB - Virtual size: 1.4MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .pdata

  Size: 189KB - Virtual size: 188KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .xdata

  Size: 240KB - Virtual size: 239KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 3.1MB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 17KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 104B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 16B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 16B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 36KB - Virtual size: 35KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ