xmrig | 983c2fb282c2c23a76cfa6a5e46a9f40_NeikiAnalytics[.]exe | Triage

Sharing

General

Target

983c2fb282c2c23a76cfa6a5e46a9f40_NeikiAnalytics.exe
Size

2.4MB
MD5

983c2fb282c2c23a76cfa6a5e46a9f40
SHA1

6caa238913feda08e31817520f1e35454d3ea241
SHA256

53aa995f6d647259f2f03911d30e1afbeab3f5bbe21694f7c334508599af9d48
SHA512

6be6a7175c23483ff5795f25f1b3b894ddb75111045ec2715afcd8b8cc15cfaa3aef927881118eb6015bb22dfa14f8baa4ceeae1809e9d3f79b46ad2239e8531
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+ABcYHM0NaLL1DUk:BemTLkNdfE0pZrx

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
983c2fb282c2c23a76cfa6a5e46a9f40_NeikiAnalytics.exe

Files

983c2fb282c2c23a76cfa6a5e46a9f40_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE