xmrig | 138d16e72fac17133753d18a3050e800_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

138d16e72fac17133753d18a3050e800_NeikiAnalytics.exe
Size

2.1MB
MD5

138d16e72fac17133753d18a3050e800
SHA1

c34e43ba27b6e69a5ca5ef2612d043860de04dfa
SHA256

c14d6c0eff2f82556b49fb1d1c84e9c6844ba7b470bc3629fcdb70ad2d46642c
SHA512

5979cb9dfc18cce12d06a1c8c95b34376b17da632ba0938d115ea3ae35d9099aaed140712f9097a5e37c9c6e8a98c215c751339c086975ca853217f89fb81f31
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wICb5Trec2a/1ASmB:BemTLkNdfE0pZr3

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
138d16e72fac17133753d18a3050e800_NeikiAnalytics.exe

Files

138d16e72fac17133753d18a3050e800_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE