xmrig | 75497caaa52797d58a70cdbe1cb1252c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

75497caaa52797d58a70cdbe1cb1252c_JaffaCakes118
Size

348KB
MD5

75497caaa52797d58a70cdbe1cb1252c
SHA1

a3ee3f7b8940dfadfc728b7467679879640f9578
SHA256

cccdcd65247b27e1d3587cc6d365a5dd703954ec578f288ccf2c97b85837b069
SHA512

f3f9ab4f058af45f4b148433f565fa1d602339b52cca84ea8dd1dc1ef59c1c7050cf04421a77dd557e81ddf316a5177ff89bfafb50de5f26d7ca85289b50d2d6
SSDEEP

6144:FbF9t7qqDX+ZUMPyc0vcDDleaLDnKVaG1S/YNe7Y:5D4qr+SMPGv2DleaLDnKkG1fl

Score

10^/10

miner vmprotect xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75497caaa52797d58a70cdbe1cb1252c_JaffaCakes118

Files

75497caaa52797d58a70cdbe1cb1252c_JaffaCakes118
.exe windows:5 windows x64 arch:x64

cf7ce79374868e0ee798bff1c196b9de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

htons
WSASetLastError
WSAStartup
select
WSARecvFrom
bind
WSAIoctl
WSASend
shutdown
WSASocketW
socket
WSARecv
ioctlsocket
FreeAddrInfoW
GetAddrInfoW
closesocket
getsockopt
setsockopt
htonl
WSAGetLastError

kernel32

HeapReAlloc
GetACP
CompareStringW
GetModuleFileNameA
ExitProcess
GetStdHandle
CloseHandle
FreeConsole
GetConsoleWindow
WinExec
SetConsoleMode
GetConsoleMode
CreateMutexA
ReleaseMutex
GetLastError
SetThreadAffinityMask
GetCurrentProcess
SetProcessAffinityMask
GetCurrentThread
VirtualFree
VirtualAlloc
LocalAlloc
LocalFree
SetPriorityClass
SetThreadPriority
GetProcAddress
GetModuleHandleW
TlsSetValue
EnterCriticalSection
ReleaseSemaphore
WaitForMultipleObjects
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
ResumeThread
SetEvent
TlsAlloc
ResetEvent
DeleteCriticalSection
CreateSemaphoreW
TlsGetValue
TlsFree
CreateSemaphoreA
CreateEventA
GetModuleFileNameW
MultiByteToWideChar
QueryPerformanceFrequency
GetSystemInfo
GetCurrentProcessId
WideCharToMultiByte
GetTimeZoneInformation
SetConsoleCtrlHandler
PostQueuedCompletionStatus
Sleep
SetErrorMode
GetQueuedCompletionStatus
CreateIoCompletionPort
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RegisterWaitForSingleObject
UnregisterWait
GetConsoleCursorInfo
CreateFileW
DuplicateHandle
QueueUserWorkItem
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
CreateFileA
ReadConsoleW
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
SetConsoleCursorPosition
GetFileType
CreateDirectoryW
ReadFile
SetLastError
WriteFile
DeviceIoControl
RemoveDirectoryW
SetFileTime
CreateHardLinkW
GetFileAttributesW
GetFileInformationByHandle
SetFilePointerEx
MoveFileExW
CopyFileW
FlushFileBuffers
SetHandleInformation
GetModuleHandleA
LoadLibraryA
FormatMessageA
DebugBreak
SetNamedPipeHandleState
CreateNamedPipeW
PeekNamedPipe
GetNamedPipeHandleStateA
SwitchToThread
ConnectNamedPipe
GetLongPathNameW
ReadDirectoryChangesW
TerminateProcess
UnregisterWaitEx
LCMapStringW
GetExitCodeProcess
GetStartupInfoW
HeapFree
HeapAlloc
SetFileAttributesW
GetFileAttributesExW
GetConsoleCP
SetStdHandle
GetModuleHandleExW
GetStringTypeW
HeapSize
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
DecodePointer
QueryPerformanceCounter
CancelIo
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
CreateEventW
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
CreateThread
EncodePointer
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
LoadLibraryExW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetCommandLineA
GetCommandLineW
ExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

TranslateMessage
ShowWindow
DispatchMessageA
MapVirtualKeyW
GetMessageA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
LsaOpenPolicy
LsaAddAccountRights
LsaClose
GetTokenInformation

Sections

.text
Size: - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf7ce79374868e0ee798bff1c196b9de

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

Sections

.text Size: - Virtual size: 337KB

.rdata Size: 102KB - Virtual size: 102KB

.data Size: - Virtual size: 14KB

.pdata Size: - Virtual size: 15KB

.vmp0 Size: - Virtual size: 17KB

.vmp1 Size: 241KB - Virtual size: 240KB

.reloc Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 337KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: - Virtual size: 14KB

.pdata
Size: - Virtual size: 15KB

.vmp0
Size: - Virtual size: 17KB

.vmp1
Size: 241KB - Virtual size: 240KB

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB