xmrig | 034cfb11811df1049b58356b06ea0000_NeikiAnalytics[.]exe | Triage

Sharing

General

Target

034cfb11811df1049b58356b06ea0000_NeikiAnalytics.exe
Size

2.1MB
MD5

034cfb11811df1049b58356b06ea0000
SHA1

df777ecef4b65b653769a42b1f48808721d2ac1e
SHA256

ac07c93a779422a098439b3880a37febc64c1c4e63227e5f4682b0ffced231c1
SHA512

da852b49f7a03ba839dff89b6cf4f14d051a05b81a7d80d56ef8a1aff935e2ea9490a24741fc6a3e18e5331bd37fa2931d4c795dd524b198bfb3f7bbfc083777
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQlqOllgoJsT2hppTr:BemTLkNdfE0pZrQ7

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
034cfb11811df1049b58356b06ea0000_NeikiAnalytics.exe

Files

034cfb11811df1049b58356b06ea0000_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE