xmrig | 65019fb948d687bb08386ffc0d9bb5fa

Sharing

Copy URL Twitter E-mail

General

Target

65019fb948d687bb08386ffc0d9bb5fa
Size

2.0MB
MD5

65019fb948d687bb08386ffc0d9bb5fa
SHA1

7653ae626fe9c151a3faadc4443bddbdf4888788
SHA256

4252d1d70ef81f5813898620b592e7fd2235a3b40d12b7593ec4de21e84002ea
SHA512

d02602c007843cd1fc790d9bf1bd5abe3c3d691699a6ae5cb17730eaacb5faa238e4a41df40dd6d78e3326f6d22a5196102543db39e2c6da79131f24129017b2
SSDEEP

49152:OjRvgo5WiCfxLhL1oET4Ri7TNaV07oz1ehn:OVvCVhL1oET4r+o

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65019fb948d687bb08386ffc0d9bb5fa

Files

65019fb948d687bb08386ffc0d9bb5fa
.dll windows:5 windows x86 arch:x86

9905f4898b20cad1a975b78f4c324a7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
CreateProcessW
WideCharToMultiByte
CreateThread
LoadLibraryW
Sleep
MultiByteToWideChar
GetModuleHandleA
GetSystemDirectoryW
WaitForSingleObject
GetModuleFileNameW
TerminateProcess
CreateDirectoryW
GetModuleHandleW
GetProcAddress
GetLastError
GetConsoleMode
SetConsoleMode
GetCurrentThread
GetCurrentProcess
SetEndOfFile
GetFullPathNameW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
HeapSize
ReadConsoleInputA
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetFileAttributesExW
GetConsoleCP
SetStdHandle
GetModuleFileNameA
HeapReAlloc
HeapFree
HeapAlloc
GetModuleHandleExW
ExitThread
GetCommandLineW
GetCommandLineA
RaiseException
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
FreeLibraryAndExitThread
OutputDebugStringW
CloseHandle
GetStdHandle
WaitForSingleObjectEx
GetCurrentThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEvent
ResetEvent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
SetConsoleCtrlHandler
InitializeCriticalSection
ReadConsoleW
WriteConsoleW
GetFileType
ReadFile
WriteFile
CreateFileW
SetFilePointerEx
FlushFileBuffers
VerifyVersionInfoA
FileTimeToSystemTime
GetCurrentDirectoryW
VerSetConditionMask
WaitForMultipleObjects
FormatMessageA
PeekNamedPipe
SwitchToThread
LoadLibraryA
GetThreadTimes
FreeLibrary
SleepEx
ExpandEnvironmentStringsA
GetVersion
FindNextFileA
FindClose
GetVersionExA
GlobalMemoryStatus
FlushConsoleInputBuffer
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile

user32

GetUserObjectInformationW
MessageBoxA
FindWindowA
SendMessageA
GetDesktopWindow
GetProcessWindowStation
GetMessageW
DefWindowProcW
GetLastInputInfo
CreateWindowExW
DispatchMessageW
RegisterClassW
TranslateMessage
PostQuitMessage

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource

shell32

SHGetFolderPathW

wsock32

htonl
gethostname
inet_ntoa
socket
getsockname
getpeername
closesocket
getsockopt
setsockopt
WSAGetLastError
htons
listen
shutdown
bind
select
WSASetLastError
WSACleanup
recv
connect
ntohs
__WSAFDIsSet
sendto
recvfrom
accept
ntohl
WSAStartup
send

wldap32

ord26
ord46
ord22
ord301
ord79
ord33
ord41
ord27
ord143
ord50
ord30
ord35
ord32
ord211
ord60
ord200

ws2_32

getaddrinfo
WSAIoctl
freeaddrinfo

iphlpapi

GetAdaptersInfo

setupapi

SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA

Exports

Exports

init

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 360KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9905f4898b20cad1a975b78f4c324a7f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wsock32

wldap32

ws2_32

iphlpapi

setupapi

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 261KB - Virtual size: 260KB

.data Size: 360KB - Virtual size: 378KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 73KB - Virtual size: 73KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 261KB - Virtual size: 260KB

.data
Size: 360KB - Virtual size: 378KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 73KB - Virtual size: 73KB