xmrig | 5199649336ff6256fb868cdc82732cf0_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5199649336ff6256fb868cdc82732cf0_NeikiAnalytics
Size

3.2MB
MD5

5199649336ff6256fb868cdc82732cf0
SHA1

dd9dba3534d4789847264e2deb61c3544fa0259c
SHA256

f0600edaf942dbb7bc60b3c4dbf1f14a7307cf8761c681092bbb706fe6804f17
SHA512

c0b0f49f181ac31d4a25bffc5a96f0a0fec104ee34e0e8669a5b1dadd383ec8fbf4b6ebf6987ecf7adbf66c354eb57beb1cac20495fed8434e81de99593e9a25
SSDEEP

98304:N0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc4S:NFWPClFC

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5199649336ff6256fb868cdc82732cf0_NeikiAnalytics

Files

5199649336ff6256fb868cdc82732cf0_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE