xmrig | 9525cf77585a50eb86670e2ded244eb0_NeikiAnalytics[.]exe | Triage

Sharing

General

Target

9525cf77585a50eb86670e2ded244eb0_NeikiAnalytics.exe
Size

2.5MB
MD5

9525cf77585a50eb86670e2ded244eb0
SHA1

b341ea60f3d5ee67f19b3a83dce701bc2d3beacf
SHA256

3bd725fde6962bdc63b4a97128ce6cbb619bec489b23b2c37c0a70ec579a2120
SHA512

100ba2f32f16e63fe8ba0e20df87d2c06df67bed28fae0727ffcd996aec725f60d1e386abf0785a29ff0e62e4007d6ac61c648e5660d15d7405e7c9edb5447fd
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQOYilJ51subNWYyxVkTS2:oemTLkNdfE0pZrQe

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9525cf77585a50eb86670e2ded244eb0_NeikiAnalytics.exe

Files

9525cf77585a50eb86670e2ded244eb0_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE