xmrig | c6162133cbc31682b2b59f2899a38eaa1cfec395bdee0f8a7b99061734d38bff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c6162133cbc31682b2b59f2899a38eaa1cfec395bdee0f8a7b99061734d38bff
Size

2.2MB
MD5

fe5ae2054b2fa93b564f87e48ab1b590
SHA1

80b035c0d41646c4cb09ec2b69fd5cd8bc3d5da5
SHA256

c6162133cbc31682b2b59f2899a38eaa1cfec395bdee0f8a7b99061734d38bff
SHA512

02dbc35bb368cfe2921a22db713e121d03a734549a1e81be5f3b84288592cd96f2e882f14a58c24fd5a1cfad9d68e737c26fd3f7895a058dc5393714d9d37966
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wICbbnlD5/xs80E9:BemTLkNdfE0pZrm

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

c6162133cbc31682b2b59f2899a38eaa1cfec395bdee0f8a7b99061734d38bff
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE