xmrig | 6ebe8cba374fb89c4a0d2f9229e2ccd1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6ebe8cba374fb89c4a0d2f9229e2ccd1_JaffaCakes118
Size

471KB
MD5

6ebe8cba374fb89c4a0d2f9229e2ccd1
SHA1

e73d3d31bc9ee5dfa9bd25e8d69d9f6449259719
SHA256

b6b57e49aa66296053632acff30e5fb560b2a52d4c0dcd494f2dcb5121b09997
SHA512

bfbc4f4461556280121b140b0714e17956aaf01b56ed4f7ca01841c8a24cb1e9c66d814b6dffa4e247052b3f5c660bc8f33dfd3d82047b9dde51a36a8e99c690
SSDEEP

12288:QCQ9/ZhiyC0/aAYDfsC6nhczgh2NJDZ3iAMNjw4Y82kjqlZdbEvJ:QG0/aAYDfsC0h2NJDZ3iAMNjwR85jab6

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ebe8cba374fb89c4a0d2f9229e2ccd1_JaffaCakes118

Files

6ebe8cba374fb89c4a0d2f9229e2ccd1_JaffaCakes118
.exe windows:6 windows x64 arch:x64

6b44d057de577ac7b948b86340af9284

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSASend
WSAIoctl
bind
GetAddrInfoW
FreeAddrInfoW
WSARecvFrom
select
WSAStartup
WSASetLastError
WSAGetLastError
shutdown
setsockopt
getsockopt
closesocket
ioctlsocket
WSARecv
socket
WSASocketW
htons

kernel32

RtlVirtualUnwind
GetExitCodeProcess
RtlLookupFunctionEntry
RtlCaptureContext
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
UnregisterWaitEx
CreateEventW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetStdHandle
GetConsoleMode
SetConsoleMode
CloseHandle
FreeConsole
GetConsoleWindow
GetCurrentProcess
GetCurrentThread
SetThreadPriority
SetPriorityClass
GetModuleHandleW
GetProcAddress
SetThreadAffinityMask
GetLastError
VirtualAlloc
VirtualFree
LocalAlloc
LocalFree
SetErrorMode
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RegisterWaitForSingleObject
UnregisterWait
GetConsoleCursorInfo
DuplicateHandle
QueueUserWorkItem
MultiByteToWideChar
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
CreateFileA
ReadConsoleW
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
WideCharToMultiByte
SetConsoleCursorPosition
SetConsoleCtrlHandler
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
Sleep
CreateDirectoryW
ReadFile
SetLastError
WriteFile
DeviceIoControl
RemoveDirectoryW
SetFileTime
CreateHardLinkW
CreateFileW
GetFileAttributesW
GetFileInformationByHandle
SetFilePointerEx
MoveFileExW
CopyFileW
FlushFileBuffers
GetLongPathNameW
GetShortPathNameW
GetCurrentDirectoryW
ReadDirectoryChangesW
GetFileType
TlsSetValue
ReleaseSemaphore
WaitForMultipleObjects
WaitForSingleObject
ResumeThread
SetEvent
TlsAlloc
ResetEvent
DeleteCriticalSection
CreateSemaphoreW
CreateSemaphoreA
CreateEventA
CancelIo
SetHandleInformation
GetModuleFileNameW
QueryPerformanceFrequency
GetSystemInfo
GetCurrentProcessId
QueryPerformanceCounter
SetNamedPipeHandleState
CreateNamedPipeW
PeekNamedPipe
GetNamedPipeHandleStateA
SwitchToThread
ConnectNamedPipe
FormatMessageA
GetModuleHandleA
LoadLibraryA
TerminateProcess
InitializeSListHead

user32

MapVirtualKeyW
ShowWindow

advapi32

LsaOpenPolicy
CryptGenRandom
CryptAcquireContextA
LsaAddAccountRights
OpenProcessToken
AdjustTokenPrivileges
GetTokenInformation
LookupPrivilegeValueW
LsaClose
CryptReleaseContext

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
_Thrd_sleep
_Thrd_yield
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency

vcruntime140

__std_exception_destroy
__std_exception_copy
__C_specific_handler
__vcrt_InitializeCriticalSectionEx
strrchr
strstr
memchr
strchr
memcpy
memcmp
_purecall
__CxxFrameHandler3
memmove
memset
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_errno
__doserrno
_set_invalid_parameter_handler
_register_thread_local_exe_atexit_callback
_c_exit
__p___argc
_exit
_invalid_parameter_noinfo_noreturn
__p___argv
exit
_initterm_e
_initterm
_get_initial_narrow_environment
terminate
_beginthreadex
_set_app_type
_seh_filter_exe
_cexit
_initialize_narrow_environment
_configure_narrow_argv
abort
_initialize_onexit_table
_register_onexit_function
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func
fputs
__stdio_common_vswprintf
fwrite
_open_osfhandle
__p__fmode
_write
_set_fmode
_close
fclose
_read
_lseeki64
_get_osfhandle
__p__commode
__stdio_common_vsprintf
fread
fflush

api-ms-win-crt-heap-l1-1-0

_callnewh
_aligned_free
_aligned_malloc
malloc
free
realloc
calloc
_set_new_mode

api-ms-win-crt-convert-l1-1-0

strtol
wcstombs
atoi
strtoull

api-ms-win-crt-string-l1-1-0

isdigit
_wcsdup
_strdup
strlen
strcpy
wcsncpy
strncpy
wcsncmp
_wcsnicmp
_strnicmp
strcmp
_stricmp
wcslen
strncmp

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s

api-ms-win-crt-utility-l1-1-0

srand
_rotr
rand

api-ms-win-crt-math-l1-1-0

_dtest
ceil
_fdopen
nan
__setusermatherr

api-ms-win-crt-filesystem-l1-1-0

_wchmod
_wmkdir
_umask
_wrmdir

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b44d057de577ac7b948b86340af9284

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 352KB - Virtual size: 352KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 12KB - Virtual size: 11KB

.rsrc Size: 31KB - Virtual size: 31KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 352KB - Virtual size: 352KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 31KB - Virtual size: 31KB

.reloc
Size: 1KB - Virtual size: 1KB