xmrig | 96438ea8194acb333796b510c728bd30_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96438ea8194acb333796b510c728bd30_NeikiAnalytics
Size

1.9MB
MD5

96438ea8194acb333796b510c728bd30
SHA1

1db288e2d9d5f91c6e08a7cdef6b97a6164f9a01
SHA256

8528b6d0186c4ab85e5f8001d69071c88b38b84f6ecedae4f65f7ec6f4e3ccdf
SHA512

2598be2b52b8feeb503f29dcf9d1a4421e72b15e57b42bff98453f08ef5b83434c75a7c017488e10b3f78e23f0619f8fb5d2d4d357b8902fa35e16cb70261312
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIlfaTUYmPgxJa:BemTLkNdfE0pZrZ

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96438ea8194acb333796b510c728bd30_NeikiAnalytics

Files

96438ea8194acb333796b510c728bd30_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE