xmrig | unam[.]exe | Triage

Sharing

General

Target

unam.exe
Size

129.3MB
MD5

9b9dbfc1da565ff50d7869c68d12178d
SHA1

e8c7e312d9848f95f17d72f45403ce0159777444
SHA256

17c277605769ede5442963fa5cad409a03c23077c34f9ed6a1f72835154294d3
SHA512

66491d4084594d0e4bbea3ac0224c691f43a023a45313056138d8494aeb80062ffba5f9c213fdc3b1b0ed07f38806d10bd3a39c80b872e45aaa824be7fb72751
SSDEEP

3145728:bajeamjoC0MCr7jkS4aJwVlwV7iGYQ07SLjl:baaamEC0MQkiv7i92

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 2 IoCs

resource	yara_rule
sample	xmrig
sample	family_xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unam.exe

Files

unam.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

H:\CRYPTOCOIN\Mining\Miner\SilentCryptoMiner\SilentCryptoMiner\obj\Release\Silent Crypto Miner Builder.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 129.2MB - Virtual size: 129.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ