xmrig | 12da44076f5418e97cc39f1fc1e57500_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12da44076f5418e97cc39f1fc1e57500_NeikiAnalytics
Size

2.4MB
MD5

12da44076f5418e97cc39f1fc1e57500
SHA1

35f25dedc3acf5fde9fbe2a6f3c8ad3d0df25431
SHA256

212ae8133f28ce40263ccfa99500d9cad5192e5596fb7a285b675bfb44459cb0
SHA512

2cd3dddedb5af00ca82c517e1951c8c8efb3b351d716f2e368b9339d8ac47b3a56d15532e6bdb769aaf44f89d05292482bf9f0285690787f9f5cda87b6538918
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQlqOdg6VLEL3e7Z:BemTLkNdfE0pZrQZ

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12da44076f5418e97cc39f1fc1e57500_NeikiAnalytics

Files

12da44076f5418e97cc39f1fc1e57500_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE