xmrig | e7bbe3c2d64094467e78802627d98b80_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e7bbe3c2d64094467e78802627d98b80_NeikiAnalytics
Size

1.9MB
MD5

e7bbe3c2d64094467e78802627d98b80
SHA1

3ef79cc0c496c25f71ad4eb5dd250e9207d14379
SHA256

a6d4490cc761cb8beb1c4d07cdd13bd03c1374083619fe7d417b77028a0c400f
SHA512

1941c124d38a8318a6a09017907cafd8b8104d8074789119dcf5a0d6947e6024b16947966a9388cf25d70737c7de687c75bfc33dd5456e0a116bea52ea663afb
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXIZbINXe6GcKCTE:BemTLkNdfE0pZr8

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e7bbe3c2d64094467e78802627d98b80_NeikiAnalytics

Files

e7bbe3c2d64094467e78802627d98b80_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE