xmrig | 40d19cd51dbe1ee49d8588d45a446b20_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40d19cd51dbe1ee49d8588d45a446b20_NeikiAnalytics.exe
Size

2.2MB
MD5

40d19cd51dbe1ee49d8588d45a446b20
SHA1

ed048daf459f66a0ebf64f7a20a7f704e10f62ef
SHA256

c06697985d19870a1d4ed7805e8a58af3c3070920dc79268126c38e9d2ef3c46
SHA512

aceeaa1b8824a1e500b27cf44127957fe1de96c80eadec0bee46439b00846c86fc2a1c570fc471589c9412b12d66cc80f7697d9b3a9539d574a3b7a68161a2d0
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXGJLuIaRNfGq9Ei:BemTLkNdfE0pZrj

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40d19cd51dbe1ee49d8588d45a446b20_NeikiAnalytics.exe

Files

40d19cd51dbe1ee49d8588d45a446b20_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE