xmrig | 51b41e61816b4c798c4a96cf56410040_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

51b41e61816b4c798c4a96cf56410040_NeikiAnalytics.exe
Size

2.4MB
MD5

51b41e61816b4c798c4a96cf56410040
SHA1

cd40034abbec39ff1f631b490f0d887f483004a0
SHA256

12e82bacc3a7ed5d873e090f563e0a790860c5dad3e52bddfc336de2eefe05e4
SHA512

07b1edecc536b00ebc7d7d7694450eeaaa4f016d9c23298921436eab05f18bfd434add9a471e103b29bc2aa71c6863ad2ffa004cc146d4f51dbb65a76cad2954
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQUUvXjVTRdf5k5p8iKCo2qjH:oemTLkNdfE0pZrQL

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
51b41e61816b4c798c4a96cf56410040_NeikiAnalytics.exe

Files

51b41e61816b4c798c4a96cf56410040_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE