xmrig | xmrig-nvidia[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

xmrig-nvidia.exe
Size

13.7MB
MD5

a811b0cca85bcbc26b692b737157ac85
SHA1

8bc37d1a554b9e81600664bfc2fa5bb2db379769
SHA256

8c9c1dfb454a8f56b76cbfb0e1071fad03d908560cff05e1de462825e83db1a4
SHA512

5e43468a8d5118c8e59272c8f8cf0e1a5e9f9c7d6a762cce5049c94538e23eaa7507fa76e80c7c081dc29f0211a702a36d7744c4a71551d610b6817a89c3513d
SSDEEP

196608:twXqnSkyRhi8gdOowGOANu1Ghyn96VDM762Sa:twXqnaRY8mOowR1Ghy

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Files

xmrig-nvidia.exe
.exe windows x64

0a5c80001f893adc62d57d32cf7bcbc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSAIoctl
gethostname
recv
send
WSASetLastError
WSAGetLastError
ntohs
ioctlsocket
getsockname
getsockopt
WSAStartup
WSACleanup
accept
bind
closesocket
connect
listen
setsockopt
socket
htonl
__WSAFDIsSet
WSAPoll
select
WSARecvFrom
FreeAddrInfoW
GetAddrInfoW
htons
WSASend
shutdown
WSASocketW
WSARecv

advapi32

CryptDecrypt
DeregisterEventSource
RegisterEventSourceW
CryptAcquireContextA
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
ReportEventW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW

nvcuda

cuInit
cuGetErrorString
cuDeviceGet
cuCtxCreate_v2
cuCtxSynchronize
cuModuleLoadDataEx
cuModuleUnload
cuModuleGetFunction
cuLaunchKernel_ptsz

nvrtc64_100_0

nvrtcGetErrorString
nvrtcCreateProgram
nvrtcDestroyProgram
nvrtcCompileProgram
nvrtcGetPTXSize
nvrtcGetPTX
nvrtcGetProgramLogSize
nvrtcGetProgramLog
nvrtcAddNameExpression
nvrtcGetLoweredName

iphlpapi

GetAdaptersAddresses

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

kernel32

GetThreadTimes
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
RtlPcToFileHeader
RtlUnwindEx
GetCommandLineA
GetCommandLineW
ExitProcess
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
SetStdHandle
GetConsoleCP
GetFileAttributesExW
SetFileAttributesW
ExitThread
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetNumaHighestNodeNumber
GetLogicalProcessorInformation
GetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
GetLocaleInfoW
CompareStringW
GetTickCount
CreateEventW
DecodePointer
EncodePointer
WaitForSingleObjectEx
VerifyVersionInfoW
DeleteTimerQueueTimer
ChangeTimerQueueTimer
HeapSize
CreateTimerQueueTimer
GetSystemDirectoryW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetProcessHeap
SetEndOfFile
GetFileAttributesW
GetStdHandle
GetConsoleMode
SetConsoleMode
CloseHandle
FreeConsole
GetConsoleWindow
MultiByteToWideChar
GetCurrentProcess
GetCurrentThread
SetThreadPriority
GetModuleHandleW
GetProcAddress
SetThreadAffinityMask
GetLastError
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
LocalAlloc
LocalFree
ExpandEnvironmentStringsA
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetWaitableTimer
CreateWaitableTimerW
SwitchToThread
SetLastError
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetFileType
WriteFile
ConvertFiberToThread
ConvertThreadToFiber
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryA
LoadLibraryW
GetEnvironmentVariableW
ReadConsoleA
ReadConsoleW
SetErrorMode
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
CreateIoCompletionPort
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RegisterWaitForSingleObject
UnregisterWait
GetConsoleCursorInfo
CreateFileW
DuplicateHandle
QueueUserWorkItem
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
CreateFileA
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
SetConsoleCursorPosition
GetLongPathNameW
GetShortPathNameW
RtlUnwind
GetCurrentDirectoryW
ReadDirectoryChangesW
VerifyVersionInfoA
GetModuleFileNameW
SetEnvironmentVariableW
InitializeCriticalSection
GetVersionExW
FreeEnvironmentStringsW
FileTimeToSystemTime
GetSystemInfo
VerSetConditionMask
GetEnvironmentStringsW
SetConsoleCtrlHandler
Sleep
CreateDirectoryW
ReadFile
GetFileInformationByHandleEx
GetFileSizeEx
GetDiskFreeSpaceW
DeviceIoControl
RemoveDirectoryW
GetFinalPathNameByHandleW
SetFileTime
ReOpenFile
CreateHardLinkW
UnmapViewOfFile
GetFileInformationByHandle
FlushViewOfFile
SetFilePointerEx
CreateFileMappingA
MoveFileExW
CopyFileW
CreateSymbolicLinkW
MapViewOfFile
FlushFileBuffers
SleepConditionVariableCS
TryEnterCriticalSection
ReleaseSemaphore
WakeConditionVariable
InitializeConditionVariable
ResumeThread
SetEvent
GetNativeSystemInfo
CreateSemaphoreW
CreateSemaphoreA
CreateEventA
CancelIo
SetHandleInformation
SetFileCompletionNotificationModes
FormatMessageA
LoadLibraryExW
SetNamedPipeHandleState
CreateNamedPipeW
PeekNamedPipe
CancelSynchronousIo
GetNamedPipeHandleStateA
CancelIoEx
ConnectNamedPipe
DebugBreak
GetModuleHandleA
TerminateProcess
UnregisterWaitEx
LCMapStringW
GetExitCodeProcess
GetStartupInfoW
GetTickCount64
RaiseException
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
FreeLibraryAndExitThread
GetProcessAffinityMask
GetFullPathNameW

user32

ShowWindow
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics
TranslateMessage
DispatchMessageA
MapVirtualKeyW
GetMessageA
MessageBoxW

bcrypt

BCryptGenRandom

Exports

Exports

NvOptimusEnablementCuda

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 845KB - Virtual size: 844KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nv_fatb
Size: 10.6MB - Virtual size: 10.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nvFatBi
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_TEXT_CN
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a5c80001f893adc62d57d32cf7bcbc2

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

nvcuda

nvrtc64_100_0

iphlpapi

crypt32

kernel32

user32

bcrypt

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 845KB - Virtual size: 844KB

.data Size: 62KB - Virtual size: 2.6MB

.pdata Size: 102KB - Virtual size: 102KB

.nv_fatb Size: 10.6MB - Virtual size: 10.6MB

.nvFatBi Size: 512B - Virtual size: 48B

_TEXT_CN Size: 6KB - Virtual size: 6KB

_TEXT_CN Size: 7KB - Virtual size: 7KB

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 31KB - Virtual size: 31KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 845KB - Virtual size: 844KB

.data
Size: 62KB - Virtual size: 2.6MB

.pdata
Size: 102KB - Virtual size: 102KB

.nv_fatb
Size: 10.6MB - Virtual size: 10.6MB

.nvFatBi
Size: 512B - Virtual size: 48B

_TEXT_CN
Size: 6KB - Virtual size: 6KB

_TEXT_CN
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 31KB - Virtual size: 31KB