xmrig | 0c8aa90c02f1cf5687738ceaba952d90_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c8aa90c02f1cf5687738ceaba952d90_NeikiAnalytics
Size

2.2MB
MD5

0c8aa90c02f1cf5687738ceaba952d90
SHA1

e4206ce023c7189f2c5bba580c89ffb5b98740c0
SHA256

f4fd5cf25b58c0ab78de9c674ce29bbb9cb7881f0f32e50d12dc3bf1a4d99c2e
SHA512

295bb586c537c8d752c0c2202b12cb83fb9e02ea5b027477e009297e8e00189429fe91bb4fb116dadfeef347c99e5ea32c83fdbe934cc5b442fc7b5ff407529d
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXGJLuIaRNfGq9ES:BemTLkNdfE0pZrj

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c8aa90c02f1cf5687738ceaba952d90_NeikiAnalytics

Files

0c8aa90c02f1cf5687738ceaba952d90_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE