xmrig | 1438ab8422792caa48a136f6c5557c7138e344584fd89a5decc350b3f683d837_NeikiAnalytics | Triage

Sharing

General

Target

1438ab8422792caa48a136f6c5557c7138e344584fd89a5decc350b3f683d837_NeikiAnalytics
Size

3.4MB
MD5

9e403500eca41ad476502ef19093d980
SHA1

479b3712a206bbe3ebb1455406848db52b8e0de2
SHA256

1438ab8422792caa48a136f6c5557c7138e344584fd89a5decc350b3f683d837
SHA512

e3a7d251500903e98de7e877ceec732c7165aa366832641052683ed09a1069e1300f21747a4cfe317c7e68f278ae4724fe0cfd00ca1299ef1c0e2e4c320211f0
SSDEEP

98304:N0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc40A:NFWPClFkA

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1438ab8422792caa48a136f6c5557c7138e344584fd89a5decc350b3f683d837_NeikiAnalytics

Files

1438ab8422792caa48a136f6c5557c7138e344584fd89a5decc350b3f683d837_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE