xmrig | 31b6a992a1cf089894a97ca38d6bbd1f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

31b6a992a1cf089894a97ca38d6bbd1f_JaffaCakes118
Size

12.7MB
MD5

31b6a992a1cf089894a97ca38d6bbd1f
SHA1

639f68f086b1f91032d715362c94ff2cf9584a67
SHA256

41c6e317a803f4692a26b8672c0a71059f1d36f1c16a92130e69dbf109333dad
SHA512

4e73c9306b60efa6a500613bc7cdf7bd5389d7dd92d95a571b8e9166b791867dcda6f77efc6591a1caa2602673b761f0da57aa3d8269863b37de26c520be9711
SSDEEP

393216:+jtm4iWoHL85b2oljnEdn2nScYlM+KIaXY+b8Flfsxm:ai85aKjEmmlvKIaXQAm

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
static1/unpack001/xmrig-nvidia-2.14.5/xmrig-nvidia.exe	xmrig

Xmrig family
xmrig

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/xmrig-nvidia-2.14.5/nvrtc-builtins64_100.dll
unpack001/xmrig-nvidia-2.14.5/nvrtc64_100_0.dll
unpack001/xmrig-nvidia-2.14.5/xmrig-nvidia.exe

Files

31b6a992a1cf089894a97ca38d6bbd1f_JaffaCakes118
.zip
xmrig-nvidia-2.14.5/config.json
xmrig-nvidia-2.14.5/nvrtc-builtins64_100.dll
.dll windows:6 windows x64 arch:x64

8f855f48184bff75de5ed8f701a5f778

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetCurrentThreadId
GetLastError
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
Sleep
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
WriteFile
GetModuleFileNameW
LoadLibraryExW
HeapAlloc
HeapReAlloc
GetStringTypeW
OutputDebugStringW
LoadLibraryW
HeapSize
LCMapStringEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW

Exports

Exports

getArchBuiltins
getBuiltinHeader

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xmrig-nvidia-2.14.5/nvrtc64_100_0.dll
.dll windows:6 windows x64 arch:x64

07922ce48087a9ba782416b2994f58e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

CharUpperW

advapi32

CryptGenRandom
CryptAcquireContextW
CryptReleaseContext

dbghelp

EnumerateLoadedModules64

kernel32

GetCommandLineA
RaiseException
FindNextFileA
FindFirstFileExA
GetModuleFileNameA
HeapWalk
HeapValidate
InterlockedFlushSList
CreateFileA
CreateFileW
GetFileAttributesA
GetFileAttributesW
SetFilePointerEx
WriteFile
CloseHandle
GetLastError
MapViewOfFileEx
UnmapViewOfFile
FormatMessageA
CreateFileMappingA
GetTempPathA
GetTempFileNameA
GetLocaleInfoA
FreeLibrary
GetProcAddress
LoadLibraryA
IsDebuggerPresent
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleW
GetModuleHandleExW
DeleteFileW
ReadFile
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCurrentProcessId
SetConsoleCtrlHandler
QueryPerformanceCounter
QueryPerformanceFrequency
SetEnvironmentVariableA
SetEnvironmentVariableW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
FindClose
FindFirstFileExW
FindNextFileW
GetStringTypeW
SetLastError
GetCurrentThreadId
HeapFree
HeapAlloc
GetStdHandle
GetStartupInfoW
LoadLibraryW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LoadLibraryExW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
IsValidCodePage
GetOEMCP
SetStdHandle
HeapReAlloc
GetProcessHeap
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
SetEndOfFile
WriteConsoleW
InitializeCriticalSection
LocalFree
CreateDirectoryW
RemoveDirectoryW
GetTempPathW
GetSystemInfo
VirtualQuery
CreateFileMappingW
MapViewOfFile
GetCommandLineW
GetProcessTimes
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
EncodePointer
DecodePointer
CreateEventW
SetEvent
ResetEvent
WaitForSingleObjectEx
InitializeSListHead
RtlPcToFileHeader

Exports

Exports

nvrtcAddNameExpression
nvrtcCompileProgram
nvrtcCreateProgram
nvrtcDestroyProgram
nvrtcGetErrorString
nvrtcGetLoweredName
nvrtcGetPTX
nvrtcGetPTXSize
nvrtcGetProgramLog
nvrtcGetProgramLogSize
nvrtcVersion

Sections

.text
Size: 10.0MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 490KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 443KB - Virtual size: 442KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xmrig-nvidia-2.14.5/start.cmd
xmrig-nvidia-2.14.5/xmrig-nvidia.exe
.exe windows:6 windows x64 arch:x64

0a5c80001f893adc62d57d32cf7bcbc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSAIoctl
gethostname
recv
send
WSASetLastError
WSAGetLastError
ntohs
ioctlsocket
getsockname
getsockopt
WSAStartup
WSACleanup
accept
bind
closesocket
connect
listen
setsockopt
socket
htonl
__WSAFDIsSet
WSAPoll
select
WSARecvFrom
FreeAddrInfoW
GetAddrInfoW
htons
WSASend
shutdown
WSASocketW
WSARecv

advapi32

CryptDecrypt
DeregisterEventSource
RegisterEventSourceW
CryptAcquireContextA
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
ReportEventW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW

nvcuda

cuInit
cuGetErrorString
cuDeviceGet
cuCtxCreate_v2
cuCtxSynchronize
cuModuleLoadDataEx
cuModuleUnload
cuModuleGetFunction
cuLaunchKernel_ptsz

nvrtc64_100_0

nvrtcGetErrorString
nvrtcCreateProgram
nvrtcDestroyProgram
nvrtcCompileProgram
nvrtcGetPTXSize
nvrtcGetPTX
nvrtcGetProgramLogSize
nvrtcGetProgramLog
nvrtcAddNameExpression
nvrtcGetLoweredName

iphlpapi

GetAdaptersAddresses

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

kernel32

GetThreadTimes
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
RtlPcToFileHeader
RtlUnwindEx
GetCommandLineA
GetCommandLineW
ExitProcess
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
SetStdHandle
GetConsoleCP
GetFileAttributesExW
SetFileAttributesW
ExitThread
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetNumaHighestNodeNumber
GetLogicalProcessorInformation
GetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
GetLocaleInfoW
CompareStringW
GetTickCount
CreateEventW
DecodePointer
EncodePointer
WaitForSingleObjectEx
VerifyVersionInfoW
DeleteTimerQueueTimer
ChangeTimerQueueTimer
HeapSize
CreateTimerQueueTimer
GetSystemDirectoryW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetProcessHeap
SetEndOfFile
GetFileAttributesW
GetStdHandle
GetConsoleMode
SetConsoleMode
CloseHandle
FreeConsole
GetConsoleWindow
MultiByteToWideChar
GetCurrentProcess
GetCurrentThread
SetThreadPriority
GetModuleHandleW
GetProcAddress
SetThreadAffinityMask
GetLastError
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
LocalAlloc
LocalFree
ExpandEnvironmentStringsA
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetWaitableTimer
CreateWaitableTimerW
SwitchToThread
SetLastError
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetFileType
WriteFile
ConvertFiberToThread
ConvertThreadToFiber
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryA
LoadLibraryW
GetEnvironmentVariableW
ReadConsoleA
ReadConsoleW
SetErrorMode
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
CreateIoCompletionPort
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RegisterWaitForSingleObject
UnregisterWait
GetConsoleCursorInfo
CreateFileW
DuplicateHandle
QueueUserWorkItem
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
CreateFileA
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
SetConsoleCursorPosition
GetLongPathNameW
GetShortPathNameW
RtlUnwind
GetCurrentDirectoryW
ReadDirectoryChangesW
VerifyVersionInfoA
GetModuleFileNameW
SetEnvironmentVariableW
InitializeCriticalSection
GetVersionExW
FreeEnvironmentStringsW
FileTimeToSystemTime
GetSystemInfo
VerSetConditionMask
GetEnvironmentStringsW
SetConsoleCtrlHandler
Sleep
CreateDirectoryW
ReadFile
GetFileInformationByHandleEx
GetFileSizeEx
GetDiskFreeSpaceW
DeviceIoControl
RemoveDirectoryW
GetFinalPathNameByHandleW
SetFileTime
ReOpenFile
CreateHardLinkW
UnmapViewOfFile
GetFileInformationByHandle
FlushViewOfFile
SetFilePointerEx
CreateFileMappingA
MoveFileExW
CopyFileW
CreateSymbolicLinkW
MapViewOfFile
FlushFileBuffers
SleepConditionVariableCS
TryEnterCriticalSection
ReleaseSemaphore
WakeConditionVariable
InitializeConditionVariable
ResumeThread
SetEvent
GetNativeSystemInfo
CreateSemaphoreW
CreateSemaphoreA
CreateEventA
CancelIo
SetHandleInformation
SetFileCompletionNotificationModes
FormatMessageA
LoadLibraryExW
SetNamedPipeHandleState
CreateNamedPipeW
PeekNamedPipe
CancelSynchronousIo
GetNamedPipeHandleStateA
CancelIoEx
ConnectNamedPipe
DebugBreak
GetModuleHandleA
TerminateProcess
UnregisterWaitEx
LCMapStringW
GetExitCodeProcess
GetStartupInfoW
GetTickCount64
RaiseException
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
FreeLibraryAndExitThread
GetProcessAffinityMask
GetFullPathNameW

user32

ShowWindow
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics
TranslateMessage
DispatchMessageA
MapVirtualKeyW
GetMessageA
MessageBoxW

bcrypt

BCryptGenRandom

Exports

Exports

NvOptimusEnablementCuda

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 845KB - Virtual size: 844KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nv_fatb
Size: 10.6MB - Virtual size: 10.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nvFatBi
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_TEXT_CN
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f855f48184bff75de5ed8f701a5f778

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4.2MB - Virtual size: 4.2MB

.data Size: 5KB - Virtual size: 13KB

.pdata Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

07922ce48087a9ba782416b2994f58e9

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

dbghelp

kernel32

Exports

Exports

Sections

.text Size: 10.0MB - Virtual size: 10.0MB

.rdata Size: 3.9MB - Virtual size: 3.9MB

.data Size: 490KB - Virtual size: 1.0MB

.pdata Size: 443KB - Virtual size: 442KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 106KB - Virtual size: 105KB

0a5c80001f893adc62d57d32cf7bcbc2

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

nvcuda

nvrtc64_100_0

iphlpapi

crypt32

kernel32

user32

bcrypt

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 845KB - Virtual size: 844KB

.data Size: 62KB - Virtual size: 2.6MB

.pdata Size: 102KB - Virtual size: 102KB

.nv_fatb Size: 10.6MB - Virtual size: 10.6MB

.nvFatBi Size: 512B - Virtual size: 48B

_TEXT_CN Size: 6KB - Virtual size: 6KB

_TEXT_CN Size: 7KB - Virtual size: 7KB

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 31KB - Virtual size: 31KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4.2MB - Virtual size: 4.2MB

.data
Size: 5KB - Virtual size: 13KB

.pdata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 10.0MB - Virtual size: 10.0MB

.rdata
Size: 3.9MB - Virtual size: 3.9MB

.data
Size: 490KB - Virtual size: 1.0MB

.pdata
Size: 443KB - Virtual size: 442KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 106KB - Virtual size: 105KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 845KB - Virtual size: 844KB

.data
Size: 62KB - Virtual size: 2.6MB

.pdata
Size: 102KB - Virtual size: 102KB

.nv_fatb
Size: 10.6MB - Virtual size: 10.6MB

.nvFatBi
Size: 512B - Virtual size: 48B

_TEXT_CN
Size: 6KB - Virtual size: 6KB

_TEXT_CN
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 31KB - Virtual size: 31KB