xmrig | 5aafd0fb5eb2a3f2e770bddc808478e0_NEIKI | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5aafd0fb5eb2a3f2e770bddc808478e0_NEIKI
Size

1.9MB
MD5

5aafd0fb5eb2a3f2e770bddc808478e0
SHA1

66b77d50e54481ab032443b1ecaf7a0cd04e663b
SHA256

16a2d9ed8cfa1e03f07d89ef1ce2e0b9aedf788fae84b3f6edd4c8a093d1a368
SHA512

07f8c17e2edf80263b406a492ef94dc063e73b3ab73802fd4e6eb59c245a87c52f82c4e6b8833439bc638ce952b238be3e105ce28658a1262e3cbd12c392e859
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wINF/A1BOdy:BemTLkNdfE0pZru

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5aafd0fb5eb2a3f2e770bddc808478e0_NEIKI

Files

5aafd0fb5eb2a3f2e770bddc808478e0_NEIKI
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE