xmrig | 95a5ab3cebe006a409d179bed932cd20_NeikiAnalytics[.]exe | Triage

Sharing

General

Target

95a5ab3cebe006a409d179bed932cd20_NeikiAnalytics.exe
Size

2.1MB
MD5

95a5ab3cebe006a409d179bed932cd20
SHA1

1ef05a7224d4acef29ae2d342a6e5dbc0b45205d
SHA256

db1b03b8b44c53c1306ce8abeeeaa2445de10dff6d63fa94752ebf85f9be4f34
SHA512

c49d53970fa728f7beb62be92c9e570ffa14e39346e47dd890be8b721a094af9cb750b8b09563303f7c2d77de18bc84cdbd3ffb2580720d090d426552d2c17a9
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQF3OioF5qdhORA:oemTLkNdfE0pZrQP

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95a5ab3cebe006a409d179bed932cd20_NeikiAnalytics.exe

Files

95a5ab3cebe006a409d179bed932cd20_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE