xmrig | 4fe02d90fa389e768a19f8d678ec5f5533264fb4018a482f926b52721148bc9b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4fe02d90fa389e768a19f8d678ec5f5533264fb4018a482f926b52721148bc9b
Size

1.5MB
MD5

aebfdc697e9a7073106df5ce52ebf6de
SHA1

c4d274d641bca714c77f36fd1e945d9573c51c57
SHA256

4fe02d90fa389e768a19f8d678ec5f5533264fb4018a482f926b52721148bc9b
SHA512

ef9b84a32c463628fc592a3d673c1949b38551c6dd028b90dcf0074d2e470aa6ecd67573c3aab17bcc41f2bb8d06a26c20cd6365836e99eb8526c3ea4994e988
SSDEEP

24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbBwlKenszHV4a1yE14iZsWxvyukU:GezaTF8FcNkNdfE0pZ9oztFwIR1Dy2Nf

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4fe02d90fa389e768a19f8d678ec5f5533264fb4018a482f926b52721148bc9b

Files

4fe02d90fa389e768a19f8d678ec5f5533264fb4018a482f926b52721148bc9b
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ