xmrig | 1f1f27deffe539d99e12d720f1fbd7da_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1f1f27deffe539d99e12d720f1fbd7da_JaffaCakes118
Size

5.2MB
MD5

1f1f27deffe539d99e12d720f1fbd7da
SHA1

a021497f416dded6636e88d8955a3a7632fbfcf2
SHA256

7ece8e0973bdd09081b496e90d84e88152a60bfdd98123372fc3aed1c9d49863
SHA512

2c4f8b7cf581a3ca57d7463e410a9f58bb484fef0708f15106db4c1601ebda739eef5bde96bad48e38367d53637a3deac94443d6fbf8b3d907b8838e054b1522
SSDEEP

98304:5L6uEe3WyV1kpTAuLz2LgdOnV5N2Vv9Pe11dHO2:5oe3Wy/qEuLz20ne1DHO2

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs
miner

Processes:

resource yara_rule

sample xmrig
Xmrig family
xmrig

resource	yara_rule
sample	xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1f1f27deffe539d99e12d720f1fbd7da_JaffaCakes118

Files

1f1f27deffe539d99e12d720f1fbd7da_JaffaCakes118
.exe windows:6 windows x64 arch:x64

d0e0144a633c4970761fecbb291f8460

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\sdfgsdf\Desktop\RS\end\target\release\deps\end-e94d5db7e2e2be83.pdb

Imports

ws2_32

getpeername
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
WSASocketW
recv
WSASend
WSAGetOverlappedResult
WSAGetLastError
bind
getsockopt
setsockopt
closesocket
ioctlsocket
WSARecv
WSAIoctl

kernel32

GetProcessHeap
HeapFree
SetEnvironmentVariableW
HeapAlloc
FreeEnvironmentStringsW
Sleep
CreateToolhelp32Snapshot
Process32First
Process32Next
AddVectoredExceptionHandler
ReadFile
WriteFile
WaitForSingleObject
GetExitCodeProcess
CreatePipe
GetStdHandle
SetHandleInformation
CreateProcessW
SwitchToThread
CreateIoCompletionPort
GetModuleHandleA
GetProcAddress
QueryPerformanceCounter
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
CancelIoEx
SetFileCompletionNotificationModes
GetSystemInfo
HeapReAlloc
LoadLibraryW
GetCurrentProcess
FreeLibrary
CopyFileExW
RtlCaptureContext
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
TzSpecificLocalTimeToSystemTime
GetSystemTimeAsFileTime
TlsGetValue
TlsSetValue
DeleteCriticalSection
GetModuleHandleW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetEnvironmentVariableW
GetConsoleMode
WriteConsoleW
GetCurrentDirectoryW
FormatMessageW
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameW
CreateFileW
GetFileInformationByHandle
DeviceIoControl
FindNextFileW
CreateDirectoryW
DuplicateHandle
GetCurrentProcessId
CreateNamedPipeW
CreateEventW
WaitForMultipleObjects
GetOverlappedResult
CancelIo
ExitProcess
QueryPerformanceFrequency
IsProcessorFeaturePresent
RemoveDirectoryW
FindFirstFileW
FindClose
CreateThread
CloseHandle
GetLastError
GetCurrentThreadId
InitializeSListHead
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThread
DeleteFileW

advapi32

RegCloseKey
RegDeleteValueW
OpenProcessToken
SystemFunction036
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW

crypt32

CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertCloseStore
CertDuplicateCertificateChain
CertDuplicateStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertOpenStore
CertFreeCertificateContext

secur32

QueryContextAttributesW
AcquireCredentialsHandleA
DeleteSecurityContext
FreeCredentialsHandle
EncryptMessage
DecryptMessage
FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext
ApplyControlToken

userenv

GetUserProfileDirectoryW

vcruntime140

memcpy
memcmp
memmove
memset
__C_specific_handler

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
__p___argc
_exit
exit
_initialize_onexit_table
_cexit
_crt_atexit
terminate
_initterm_e
_initterm
_seh_filter_exe
_register_onexit_function
_set_app_type
__p___argv
_configure_narrow_argv
_get_initial_narrow_environment
_initialize_narrow_environment

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0e0144a633c4970761fecbb291f8460

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

advapi32

crypt32

secur32

userenv

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 3.9MB - Virtual size: 3.9MB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 32KB - Virtual size: 32KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 3.9MB - Virtual size: 3.9MB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 32KB - Virtual size: 32KB

.reloc
Size: 18KB - Virtual size: 18KB