xmrig | 43abe7282d6cc339c3fb7c1866b9ee20_NEAS | Triage

Sharing

General

Target

43abe7282d6cc339c3fb7c1866b9ee20_NEAS
Size

2.1MB
MD5

43abe7282d6cc339c3fb7c1866b9ee20
SHA1

9655cdae01ca15cb5008f38e5a36c954fbfcb06f
SHA256

f86db953818bf722772e2a3137132b28f1b6325f2d13e09a61b836e066e9be6d
SHA512

0da53f5ee7285de4596433576b79c10a94304e5627dcf0cb254534e3f491fd488bf4cd76eeb5a9d23c473fc0cf04f8b62271b00f0d6d60819da24204487300a5
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXGvAnCumI6QsM:BemTLkNdfE0pZrp

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43abe7282d6cc339c3fb7c1866b9ee20_NEAS

Files

43abe7282d6cc339c3fb7c1866b9ee20_NEAS
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE