xmrig | 90435259414999a02743ec6b6ce9dab0_NEAS | Triage

Sharing

Copy URL Twitter E-mail

General

Target

90435259414999a02743ec6b6ce9dab0_NEAS
Size

2.0MB
MD5

90435259414999a02743ec6b6ce9dab0
SHA1

2cf4ae5a95c74b791a83e0def7c13e14fb8e0475
SHA256

ada73535bac4965b10930faacfd71b57de871ba5f3d873faf75419544f15a28d
SHA512

4fee66ca7c3a04cb11425b8d0bca735a52fd822a3b44fd0ab9de94761fbd020d919a3d8453c4b2e843bb7cffc194e8b280b0e7f4dea7d24cb78559a89ceb6f0f
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQHxlUdVk:BemTLkNdfE0pZrQx

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
90435259414999a02743ec6b6ce9dab0_NEAS

Files

90435259414999a02743ec6b6ce9dab0_NEAS
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE