xmrig | a301f1828a69eb8b6c360e04dac21b80_NeikiAnalytics | Triage

Sharing

General

Target

a301f1828a69eb8b6c360e04dac21b80_NeikiAnalytics
Size

2.7MB
MD5

a301f1828a69eb8b6c360e04dac21b80
SHA1

df5464e7fcddc3025692f1bfe9933f8f427a14f7
SHA256

c5d5a5dcb68c24f7ec443627170cabe96ee84497a3bf6086750ad38f7b8fa6aa
SHA512

133e3cda3917d8d0897c14305f1bc0a8945aabb2ac4d57f5e267d0f9959d6b7acaafde00b1b1a87d026d72b55513d63f595ea0c539f00d97afbf0acf5a242361
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIV56uL3pgrCEdMKPFoLqHMwo6H:BemTLkNdfE0pZrV56utgpPFoS

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a301f1828a69eb8b6c360e04dac21b80_NeikiAnalytics

Files

a301f1828a69eb8b6c360e04dac21b80_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE