xmrig | 49ef660ccc961f243bbd3fd3e5dde3a3c9cbddd3e1d2c4dec1ad9098f81d150a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49ef660ccc961f243bbd3fd3e5dde3a3c9cbddd3e1d2c4dec1ad9098f81d150a
Size

1.9MB
MD5

05f114ad2334c259e07168b6c59b9938
SHA1

19c71873fb2e1b4e7a87542a5d562147d037e149
SHA256

49ef660ccc961f243bbd3fd3e5dde3a3c9cbddd3e1d2c4dec1ad9098f81d150a
SHA512

f50695f681f84685f6d9baa43302e86d28f31e1c1a5534b19463f8d1356fe91fe997f2413780e3502177c139adcb96a1dec51771e1b02a16f2e34a17c13afd03
SSDEEP

49152:S0wjnJMOWh50kC1/dVFdx6e0EALKWVTffZiPAcRq6jHjnz8DhJUztne:S0GnJMOWPClFdx6e0EALKWVTffZiPAcG

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49ef660ccc961f243bbd3fd3e5dde3a3c9cbddd3e1d2c4dec1ad9098f81d150a

Files

49ef660ccc961f243bbd3fd3e5dde3a3c9cbddd3e1d2c4dec1ad9098f81d150a
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ