xmrig | ce8b95c212b3f87ef9e8c13467ebc6a0_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ce8b95c212b3f87ef9e8c13467ebc6a0_NeikiAnalytics
Size

1.8MB
MD5

ce8b95c212b3f87ef9e8c13467ebc6a0
SHA1

a397d837c7e357a2e7bd7f68c228297f0ffdca57
SHA256

46596fc1c8d9c19e32f79f205a92bc274fcc344b9708e5a866af6b98d395da0f
SHA512

8dfb8e3330f3874c8b2e51f396e2adae35a94fb3ec8e5437f0afd14da3acbf41b834206b80d87b07bd7444a74a6f7a0c04b7bed5bb36ed7621310636001d31cf
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wISK9NcHF8:BemTLkNdfE0pZrp

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce8b95c212b3f87ef9e8c13467ebc6a0_NeikiAnalytics

Files

ce8b95c212b3f87ef9e8c13467ebc6a0_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE