XMRMinerStub[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XMRMinerStub.exe
Size

2.1MB
MD5

f0647a05c88c3fd306fdfc31d895b9d4
SHA1

1bd06813cf2564ba909ddefabc9b61cebc84a463
SHA256

ee04f0a44a262e68fbe784eeec28471ee366b090b321431f46621e5d910ff526
SHA512

682e9345328cd9738287c7ea578b12c4639a2fad2399e21c1aca7d9a959622e5d7446d839c4547393ef18030e4bfd1a53ca1f5abff9074991dd869227e362b2a
SSDEEP

49152:gPzslgT93EiYTRKki+slympEzryGrrkSfm3shmVxF8ZQoj3ZQI/y7:YRrwYscympEPyGrxfmcEVPI3a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XMRMinerStub.exe

Files

XMRMinerStub.exe
.exe windows x64

02549ff92b49cce693542fc9afb10102

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

malloc
memset
_get_pgmptr
getenv
sprintf
__argc
__argv
_environ
_XcptFilter
__set_app_type
_controlfp
__getmainargs
exit

kernel32

Sleep
CreateProcessA
SetUnhandledExceptionFilter

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ