xmrig | 34246c4642a13cf5e8393591b4fd0110_NeikiAnalytics[.]exe | Triage

Sharing

General

Target

34246c4642a13cf5e8393591b4fd0110_NeikiAnalytics.exe
Size

2.0MB
MD5

34246c4642a13cf5e8393591b4fd0110
SHA1

c11224c601fe216a3c924681ee31c9ee5e0fb2b8
SHA256

1e1b4a869cfe995d338bd50c7e71243407a01c7cb7e415bfd12f04209eed1e16
SHA512

31ccd845b06f70791ad049720a5d389a5d812414910e695e07e1058d254edf65691cc2c3284cbacfdff21e53ea4fc9e72d79d487d2f91677acda10a3d91da561
SSDEEP

24576:oezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbEwlKjpv3OBC6y90Xli7w4G8h9Hv:oezaTF8FcNkNdfE0pZ9ozt4wISKr5KSR

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34246c4642a13cf5e8393591b4fd0110_NeikiAnalytics.exe

Files

34246c4642a13cf5e8393591b4fd0110_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE