xmrig | 3e9ae1979ab41180bcb39fb5e347dc30_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e9ae1979ab41180bcb39fb5e347dc30_NeikiAnalytics
Size

2.2MB
MD5

3e9ae1979ab41180bcb39fb5e347dc30
SHA1

c2dfa7e4a89ae4227a46ff0a7dcc37b3cbe1e0ca
SHA256

f71fdb3c3fbf55635c07945367184b89e67e909bda60e56a956f1dd56191ed5d
SHA512

30fd1029ac752b870a57013bcb5cd29b6e2f98292062a8459112a54f3262a7df56af36f85e337f2735f64e9f9984481b240a92bc00845acbbb61fe5143e0ebd5
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIlUNFMgxc2uhCUy8+6YUA2G:BemTLkNdfE0pZr6

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e9ae1979ab41180bcb39fb5e347dc30_NeikiAnalytics

Files

3e9ae1979ab41180bcb39fb5e347dc30_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE