xmrig | 0977cd3bfb125511ad5fcaf8ec2f84c0124e252c93b2a53ee7df4cebac592a85 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0977cd3bfb125511ad5fcaf8ec2f84c0124e252c93b2a53ee7df4cebac592a85
Size

2.4MB
MD5

19ea1489fd23ba08923becea36bd3c2d
SHA1

2ef0fccb362a28c9448f1021bfdf722d0a72de57
SHA256

0977cd3bfb125511ad5fcaf8ec2f84c0124e252c93b2a53ee7df4cebac592a85
SHA512

102a573e756269dff62c829c19398644c371dee09846252c2e7f295cc443155a2844a6ff9267ebb3d38d80dfaf34a112f26c227a779b2cf265f95a4486a8f929
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQFD2P6QV8NcxeLkgav:oemTLkNdfE0pZrQi

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0977cd3bfb125511ad5fcaf8ec2f84c0124e252c93b2a53ee7df4cebac592a85

Files

0977cd3bfb125511ad5fcaf8ec2f84c0124e252c93b2a53ee7df4cebac592a85
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE