xmrig | 809e526cdb79aa483370d57430eae340_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

809e526cdb79aa483370d57430eae340_NeikiAnalytics
Size

2.0MB
MD5

809e526cdb79aa483370d57430eae340
SHA1

e45181125b5d9e1731d86187a9b0fd5257410470
SHA256

641efd017eefa8f18269b33037bac467c3c8d5dda3ba1433565d9edcdc55fe72
SHA512

a24e3f6131c3f88db7537c4c62f76aa9c0f0167d94dea9addc4412253601df1b243ba62517cfc003ea86fd9a7dd91bbcc3e3d3410034edd81efab0b76321a785
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+AKwOowxQm+PtKl:BemTLkNdfE0pZrj

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
809e526cdb79aa483370d57430eae340_NeikiAnalytics

Files

809e526cdb79aa483370d57430eae340_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE