xmrig | ecdd631cbc56f54fca0e4e5a7f936680_NEIKI | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ecdd631cbc56f54fca0e4e5a7f936680_NEIKI
Size

2.1MB
MD5

ecdd631cbc56f54fca0e4e5a7f936680
SHA1

7048158fe296ddaff0ea924c254b4bb6da6ab0c7
SHA256

ef31ed5f7eb48ed57562c09398ee998567ee56c07175628df4f80ae0a9320a74
SHA512

f748fe82f7c09ea9d5810b6bf8a9a6ba9fd6ae6db2fe13e52017a7dd9775894050a68647c54320e6e93fd95b7229a8104fdaac077cb4435cdb2c68e11d1a26e7
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIlf/U0VZyEKOfCr:BemTLkNdfE0pZrA

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ecdd631cbc56f54fca0e4e5a7f936680_NEIKI

Files

ecdd631cbc56f54fca0e4e5a7f936680_NEIKI
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE