xmrig | 2193cee8bf3c329225789e3dd71349f5961bfcd9e0c5fd26cb6faf0933a94226 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2193cee8bf3c329225789e3dd71349f5961bfcd9e0c5fd26cb6faf0933a94226
Size

1.4MB
MD5

81219a7f3aa782f6fef0f4f329ce3064
SHA1

0fadc7f95a6c8c8e90774fd42993d282dffc1ca7
SHA256

2193cee8bf3c329225789e3dd71349f5961bfcd9e0c5fd26cb6faf0933a94226
SHA512

956fb8e8c8aaf666e61f837e0809ae13a6a74160109b6bfe36f2765b4336500e7c59522a238d3d7e651c7b38606bc798f49fa1f279f0bb3f553fde8b84eb1d3b
SSDEEP

24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbBwlKenUT5J33PzVwUz7DMKTbcUd:GezaTF8FcNkNdfE0pZ9oztFwIHT5JbVN

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2193cee8bf3c329225789e3dd71349f5961bfcd9e0c5fd26cb6faf0933a94226

Files

2193cee8bf3c329225789e3dd71349f5961bfcd9e0c5fd26cb6faf0933a94226
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ