xmrig | c5f4367d3dff0a1013c39c73c47c9f20_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c5f4367d3dff0a1013c39c73c47c9f20_NeikiAnalytics
Size

2.3MB
MD5

c5f4367d3dff0a1013c39c73c47c9f20
SHA1

bd6f38d4b098b2970bd759ea4e36414306d3123f
SHA256

282d5636ba177c0622b12b508a02bbded58d93a8b5b416315c005082ceab23d2
SHA512

774dbd0a1da270993019100d08335abac02139304bdfb19d9b85f660c29261974957fbc2509be62ecb9f8a98c05b971da109c84191dedd02da5f1519a283caa2
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Ax4ECEc2JWrENOvQ:BemTLkNdfE0pZrC

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5f4367d3dff0a1013c39c73c47c9f20_NeikiAnalytics

Files

c5f4367d3dff0a1013c39c73c47c9f20_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE