xmrig | 46a91929554461ae4eea91301836e8e0[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

46a91929554461ae4eea91301836e8e0.bin
Size

2.8MB
MD5

46a91929554461ae4eea91301836e8e0
SHA1

a73ae8785b90c6abd25a2f3a7fad4203a7731b22
SHA256

3e6553d776a22e22f6d7bf24a0dd0ce9219d3454e5416b8e85f7dd6e356c07bc
SHA512

ab1dda88029a8603a2aba7515199b4f396f40a48b6c339c0187089c918928fc0092657cc600eb04dae0185a92accd67a819b90ee8a735e0331c4ddcd6527c155
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIV56uL3pgrCEd2bdO+QHJ2mDVc:oemTLkNdfE0pZrV56utgW

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46a91929554461ae4eea91301836e8e0.bin

Files

46a91929554461ae4eea91301836e8e0.bin
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE