xmrig | c3aca33e255e90981bab19be70251f40_NEIKI | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c3aca33e255e90981bab19be70251f40_NEIKI
Size

4.0MB
MD5

c3aca33e255e90981bab19be70251f40
SHA1

57f4649b0607ee71615c9c8e77a7b7b96c4f2f4b
SHA256

baf412ce6e01a7038aa5919913ffea7535b1e6c8256267f49af74abaf0307e1f
SHA512

ecc1bc8420fdef5a1f045c08d7f21c79a69594c977efae8eb26148820a7b728d93e59d6caa66ce4d265068af963292765a48ba5be70445aa75bf5fe77ef1b64f
SSDEEP

98304:a0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjlC:aFWPClF

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3aca33e255e90981bab19be70251f40_NEIKI

Files

c3aca33e255e90981bab19be70251f40_NEIKI
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE