xmrig | 45fa971f33833016d0c852fb771e12d0_NeikiAnalytics | Triage

Sharing

General

Target

45fa971f33833016d0c852fb771e12d0_NeikiAnalytics
Size

2.7MB
MD5

45fa971f33833016d0c852fb771e12d0
SHA1

6a58d06096d27ca528d77344264ea3fbcd0f47a2
SHA256

48929497f6f209896862ae90c69d05feaa87ea880dd4b3c448983e5bca8a1381
SHA512

bfa575939a0bf45e382b3cc88bcc8b1910bfc1b37b9cc6bb10663e4daa53fa8e6dfc9e47fc24b241a2c2f2e579c3f85308551f2660101c8afd927eba0e137fc7
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Aj4k3SJCavKM1W7FINqX:BemTLkNdfE0pZrO

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45fa971f33833016d0c852fb771e12d0_NeikiAnalytics

Files

45fa971f33833016d0c852fb771e12d0_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE