xmrig | 94add86b11a1d736f11485f39ed1a553_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

94add86b11a1d736f11485f39ed1a553_JaffaCakes118
Size

4.3MB
MD5

94add86b11a1d736f11485f39ed1a553
SHA1

15a0f9ec529c81916a7350fd7384d42ae52039ab
SHA256

b53bfb3bda5dd96c74a01beeb647a65017f95c01b135a5e908bae54cfea05364
SHA512

839ea893308d04830cd111e302f000e5c6b03a171951edf3adc8728885aed3b1b9803a267dbbaaacbf451c22e61093ee0e6f8e89dd69e91fc8c2b2633f122639
SSDEEP

98304:dEGCG4rD5g9R/J2m2SiDr/Mu6EOAtWCnDKkRFyGIwcj:5CGEDi9X2ciDIuNLnDK0FHHc

Score

10^/10

upx miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
static1/unpack001/out.upx	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
94add86b11a1d736f11485f39ed1a553_JaffaCakes118
unpack001/out.upx

Files

94add86b11a1d736f11485f39ed1a553_JaffaCakes118
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 10.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

NvOptimusEnablementCuda

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 850KB - Virtual size: 849KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nv_fatb
Size: 11.1MB - Virtual size: 11.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nvFatBi
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_TEXT_CN
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 147KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 10.2MB

UPX1 Size: 4.2MB - Virtual size: 4.2MB

.rsrc Size: 148KB - Virtual size: 148KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 850KB - Virtual size: 849KB

.data Size: 75KB - Virtual size: 113KB

.pdata Size: 113KB - Virtual size: 112KB

.nv_fatb Size: 11.1MB - Virtual size: 11.1MB

.nvFatBi Size: 512B - Virtual size: 48B

_TEXT_CN Size: 6KB - Virtual size: 6KB

_TEXT_CN Size: 7KB - Virtual size: 7KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 147KB - Virtual size: 148KB

.reloc Size: 31KB - Virtual size: 31KB

UPX0
Size: - Virtual size: 10.2MB

UPX1
Size: 4.2MB - Virtual size: 4.2MB

.rsrc
Size: 148KB - Virtual size: 148KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 850KB - Virtual size: 849KB

.data
Size: 75KB - Virtual size: 113KB

.pdata
Size: 113KB - Virtual size: 112KB

.nv_fatb
Size: 11.1MB - Virtual size: 11.1MB

.nvFatBi
Size: 512B - Virtual size: 48B

_TEXT_CN
Size: 6KB - Virtual size: 6KB

_TEXT_CN
Size: 7KB - Virtual size: 7KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 147KB - Virtual size: 148KB

.reloc
Size: 31KB - Virtual size: 31KB