xmrig | 1caa79becdcca6101efa58836b66b720_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1caa79becdcca6101efa58836b66b720_NeikiAnalytics.exe
Size

2.3MB
MD5

1caa79becdcca6101efa58836b66b720
SHA1

a299c8c19be2aa1a25b16f19c38c4b068216ab2f
SHA256

a97bbb7343136f076a39139064f302627d8579816a611cf66d49c8ce8a5f7b3a
SHA512

32171053f69579bf85eb836a95bc7a118b6d3f53c7e3e3cd40dd7c696fdbbaa6a0a98439d0d88bd7034005f8b55a97b1f16cbcf0a7c992109a7c12d747109fe9
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIlMm+ZQaLwBXhuG:oemTLkNdfE0pZr5

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1caa79becdcca6101efa58836b66b720_NeikiAnalytics.exe

Files

1caa79becdcca6101efa58836b66b720_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE