xmrig | 133cac66fdcdbd6be81ee802cbe6d2c0_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

133cac66fdcdbd6be81ee802cbe6d2c0_NeikiAnalytics
Size

2.2MB
MD5

133cac66fdcdbd6be81ee802cbe6d2c0
SHA1

94d4e4e28a20027d254a2c50a1244f1bc5bd41f5
SHA256

eb8d444cd1c6d3c28bf9c792ff9b958a8b7f075a1fa17aa567c535077aea4051
SHA512

4bcefd186f977f038fcd610a6fbfe2871bb9b50c75a92db2247e0b550f6206bbd857d9c46ec08d4b0ed8c756c431c1d1fe9d45239da321a3d658259d0bbb26ab
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+ANXx7xLOlDJQV3:BemTLkNdfE0pZrK

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
133cac66fdcdbd6be81ee802cbe6d2c0_NeikiAnalytics

Files

133cac66fdcdbd6be81ee802cbe6d2c0_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE