xmrig | 15f773d69e30489b83dec0e9c4529900_NeikiAnalytics[.]exe | Triage

Sharing

General

Target

15f773d69e30489b83dec0e9c4529900_NeikiAnalytics.exe
Size

1.6MB
MD5

15f773d69e30489b83dec0e9c4529900
SHA1

529b5d01415632b9540201612b7de91b96a1c64a
SHA256

187672621a428fafa9743ab0f15dac23972a5f81b32b96232f1286efdc1ebd38
SHA512

1717e737f9a336b52eefea5ffcf7fcb022a83f121aec468c2ee179462725c3a21de794a62cca441d1c5b0b6dc8eb0408ecbe68429a97a1701682480d7b68d449
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+AXrcu:BemTLkNdfE0pZro

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15f773d69e30489b83dec0e9c4529900_NeikiAnalytics.exe

Files

15f773d69e30489b83dec0e9c4529900_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE