xmrig | 53a15300b026ed4c8e75ee2208da7710_NEIKI | Triage

Sharing

Copy URL Twitter E-mail

General

Target

53a15300b026ed4c8e75ee2208da7710_NEIKI
Size

1.9MB
MD5

53a15300b026ed4c8e75ee2208da7710
SHA1

36fd33bc49f340612107f4509eba1466a4b774fe
SHA256

57608651a3f404028488cbffced9043d882ff4a60b38f901d80d7c566562d7d2
SHA512

60e49ffeb85606d9e6cf7be1bacf27b74f1bed3f7a70d2df231424f05ee2b70e6e91e94fee6ab18d6cdf55eb9bbbd6d8a48c7d1288a780d0ed4961a70d9201cc
SSDEEP

49152:FGUzr9GOWh50kC1/dVFdNaeUE3LqW1T/f5iBA9R86DHVVzP7ffQmS6:FG6r9GOWPClFdNaeUE3LqW1T/f5iBA9t

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53a15300b026ed4c8e75ee2208da7710_NEIKI

Files

53a15300b026ed4c8e75ee2208da7710_NEIKI
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE