xmrig | 18832ebbef1b2bfce68be941d30d7a00NeikiAnalytics[.]exe | Triage

Sharing

General

Target

18832ebbef1b2bfce68be941d30d7a00NeikiAnalytics.exe
Size

2.2MB
MD5

18832ebbef1b2bfce68be941d30d7a00
SHA1

1ad96b7d8e5e9696ed647340e73ec6bed72eea22
SHA256

e11728d123bef1a3e2c300a8374e44e5b2f78d39f46a6846a6d277cb14a8f8a4
SHA512

911c93ee8646c8efe49b8b67769aaf46cd2843ce39b1be8fda679cc1b746442c880303e1039f7219453e25239ae775df57481c9db18e741b112f2d15e1233115
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXGvAnCumyujvV:BemTLkNdfE0pZrI

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18832ebbef1b2bfce68be941d30d7a00NeikiAnalytics.exe

Files

18832ebbef1b2bfce68be941d30d7a00NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE