xmrig | d81e81c820943ff9b1e8b36379dacdfddd14a826893b9d0b66dc6b9d774f5520 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d81e81c820943ff9b1e8b36379dacdfddd14a826893b9d0b66dc6b9d774f5520
Size

1.9MB
MD5

99b79eed8efd1b4dba0572051d3907a4
SHA1

c94db59dbf157e9238946a763eedd72d8b666e5e
SHA256

d81e81c820943ff9b1e8b36379dacdfddd14a826893b9d0b66dc6b9d774f5520
SHA512

7b951bba72a41192c25ac8456c7497897aac7dbd36f202340d3b93eefb5aa05c2ec57d1fe335609b30469987f5582a2a5ee8ca6f47a6b7d141402875d527bb35
SSDEEP

49152:T1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrSax91MkibTIDOy:T1ONtyBeSFkXV1etEKLlWUTOfeiRA2RI

Score

10^/10

miner xmrig

Malware Config

Signatures

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d81e81c820943ff9b1e8b36379dacdfddd14a826893b9d0b66dc6b9d774f5520

Files

d81e81c820943ff9b1e8b36379dacdfddd14a826893b9d0b66dc6b9d774f5520
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ