xmrig | 25d355e0d256871124990516a8b32440

Sharing

Copy URL Twitter E-mail

General

Target

25d355e0d256871124990516a8b32440
Size

671KB
MD5

25d355e0d256871124990516a8b32440
SHA1

3d10a42eb87645a1fa425d5fe39d03a77dceb072
SHA256

4fc9702fe052162df02e0e1f194671b329a167edf59592ae1acfaf9863058e51
SHA512

15419845e075d2efac3d5a94685b67a4369522e91784718f0f0581e693511791851af542ef8fb844dffd6fa6dd70c7fe8a7613e17aa90e16062f71e939fe2082
SSDEEP

12288:YG7XmTIZ/DkHxJsi5xfKrNWG/lM45/xZYlqCCC/rc9vTnwkYnQTJiWue+2L/Bv7E:YGDmT8bkjsi5xKz/lM41xZYlqCCC/rcb

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25d355e0d256871124990516a8b32440

Files

25d355e0d256871124990516a8b32440
.exe windows:6 windows x86 arch:x86

1624c7fd28653367688af91ecfc4253b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
TerminateProcess
WaitForSingleObject
ResumeThread
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
CloseHandle
GetThreadContext
GetProcAddress
VirtualAllocEx
ReadProcessMemory
CreateProcessA
SetThreadContext
lstrcmpW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW

vcruntime140

__current_exception_context
memset
_except_handler4_common
_CxxThrowException
__std_exception_destroy
__current_exception
__std_exception_copy

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initterm_e
_controlfp_s
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_get_narrow_winmain_command_line
_initialize_narrow_environment
_cexit
exit
_crt_atexit
_configure_narrow_argv
_exit
_set_app_type
_initialize_onexit_table
_seh_filter_exe
_initterm

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 659KB - Virtual size: 659KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1624c7fd28653367688af91ecfc4253b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 659KB - Virtual size: 659KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 632B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 659KB - Virtual size: 659KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 632B