xmrig | 27a67969f622c25eef59a4ee1fb4f430_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27a67969f622c25eef59a4ee1fb4f430_JaffaCakes118
Size

3.1MB
MD5

27a67969f622c25eef59a4ee1fb4f430
SHA1

ece72202b098b54fa8da96a2b9e159f283337b53
SHA256

1b9a8e43570426eef1644534cdfdc5e8e15696919f1324345146afbacb341a56
SHA512

60674791023753e024a47195d228f23324b4bf8dd642d3eea7bcbb4ca23833db6a335c8c3a0bb750a17dab155bcac8104deb4d6014cf7b8fb3ec351a0248a97f
SSDEEP

49152:qjOgg/Qk6qX5wdbW04UNlPnbqmIuVkSZqQk75h36QOh5PJu7pnAnoHV5N4VIRQKB:qjFbWeTZqVyAYoHV5N4VIR1Ht5N

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27a67969f622c25eef59a4ee1fb4f430_JaffaCakes118

Files

27a67969f622c25eef59a4ee1fb4f430_JaffaCakes118
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 739KB - Virtual size: 739KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ