xmrig | b34d5c80ca32d8899fcea69ee6b60b80_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b34d5c80ca32d8899fcea69ee6b60b80_NeikiAnalytics.exe
Size

3.0MB
MD5

b34d5c80ca32d8899fcea69ee6b60b80
SHA1

31d384bafc0b3069430f0b5b6fe2b3f2414ffebb
SHA256

04c981cba7c4b82186d7570d714f85eadd2158b009e2fb6db6f2a9627f3f68ac
SHA512

158b004c8d581a58a91c9ae8adea65d1fd389cbcc12785bf2c7fe04068dd906b491a726a32b56e644a2fcff8f2a1a11b1cd32f2ceb9d038fde9f272846fab0ad
SSDEEP

49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkyW10/w16BvZX7N:71ONtyBeSFkXV1etEKLlWUTOfeiRA2Rr

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b34d5c80ca32d8899fcea69ee6b60b80_NeikiAnalytics.exe

Files

b34d5c80ca32d8899fcea69ee6b60b80_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE