xmrig | fd1ebe30dd2c76705e8d9acac2c96420_NEIKI | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fd1ebe30dd2c76705e8d9acac2c96420_NEIKI
Size

3.0MB
MD5

fd1ebe30dd2c76705e8d9acac2c96420
SHA1

38b9640c9c5b71c8599fb6dbbdf4bef54578fdff
SHA256

1493f17f86bc4e4fe1a7653741f3fbe2d1e9e9c16fefece2e2018f7ddbe5cf37
SHA512

b10663c0a4d2ac1f7f076ba0221d2277068a8e23671548bb2b4ae991f34a3135c5bdcc352b9f1378a8ba0912be0b0b013d6882e9e1817a676758f619b0a8efab
SSDEEP

98304:N0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc46:NFWPClFq

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd1ebe30dd2c76705e8d9acac2c96420_NEIKI

Files

fd1ebe30dd2c76705e8d9acac2c96420_NEIKI
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE