xmrig | 163d6a72f30b345b642d72d0c5a4a400_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

163d6a72f30b345b642d72d0c5a4a400_NeikiAnalytics
Size

2.5MB
MD5

163d6a72f30b345b642d72d0c5a4a400
SHA1

1f8d71b1cc1101559fcf18837f6c5e59ad93f4d9
SHA256

ae6af0ff74ac732018c2626504457fecd41b76f14e50845a4945ddbf8801e936
SHA512

aa5bc4e1a4b2da3bf9cf5beac902834c9e89252a3cee5ad1f78e99e0536634fe9acb21e04bb82f108661865dd7ab8733ec8893162b0080f1c754fb028c052abb
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIlMmSdzw6SUz8dLJv:BemTLkNdfE0pZrB

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
163d6a72f30b345b642d72d0c5a4a400_NeikiAnalytics

Files

163d6a72f30b345b642d72d0c5a4a400_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE