xmrig | LoggerToyko[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

LoggerToyko.exe
Size

11.8MB
MD5

297e31fbd8457f1f04c00257cad153ee
SHA1

cc9c899eae901b1c893117973ee971776e95279a
SHA256

dd6bdfd87ec1c5d15210ef6c7a446dbde8ab1989a6226619f2c999903a60a71d
SHA512

434fad3bab6386b5b16dd207dd0c87a37e7e0793676e4115d816d29728b9e48c6dae75215df8d385b406bf4d355480acf0e42db9d62aa5721e61a96482f106d5
SSDEEP

98304:W6MwzwEXv68LHKmC8KjFShRa+XRFtn1B2M2xDg2XMmew6QDJrCG5CzTXW35vOnuH:AgHKpNs2vlr0kL8Ikbq5sNIas79

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
sample	xmrig
sample	family_xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
LoggerToyko.exe

Files

LoggerToyko.exe
.exe windows:6 windows x86 arch:x86

59c87cff78aff9db1b928b5da0cb32e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\source\repos\Project1\Debug\Project1.pdb

Imports

kernel32

CloseHandle
MultiByteToWideChar
FreeLibrary
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
GetModuleHandleW
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
IsDebuggerPresent
GetCurrentThreadId
WideCharToMultiByte
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateHardLinkW
MoveFileExW
CopyFileW
CreateDirectoryExW
DeviceIoControl
GetLastError
AreFileApisANSI
GetTempPathW
SetFileTime
SetFilePointerEx
SetFileInformationByHandle
SetFileAttributesW
SetEndOfFile
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
FormatMessageA
LocalFree
GetProcAddress

shell32

SHGetFolderPathW
ShellExecuteExW

msvcp140d

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
_Mbrtowc
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getdays@_Locinfo@std@@QBEPBDXZ
?_Getmonths@_Locinfo@std@@QBEPBDXZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??2_Crt_new_delete@std@@SAPAXI@Z
??3_Crt_new_delete@std@@SAXPAX@Z
??Bid@locale@std@@QAEIXZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??7ios_base@std@@QBE_NXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z

vcruntime140d

memmove
memset
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
__std_type_info_destroy_list
__current_exception
__current_exception_context
_except_handler4_common
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
memcpy

ucrtbased

strcpy_s
strcat_s
__stdio_common_vsprintf_s
_controlfp_s
_wmakepath_s
_wsplitpath_s
wcscpy_s
_get_narrow_winmain_command_line
_initialize_narrow_environment
_configure_narrow_argv
__setusermatherr
_set_app_type
_seh_filter_exe
_CrtDbgReportW
malloc
_callnewh
terminate
___lc_codepage_func
_malloc_dbg
_crt_atexit
_unlock_file
_lock_file
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fputc
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
_CrtDbgReport
_calloc_dbg
strlen
wcslen
wcscpy
wcscat
_invalid_parameter
_crt_at_quick_exit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_seh_filter_dll
__p__commode
_set_new_mode
_configthreadlocale
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_initterm
_exit
exit
_free_dbg
_initterm_e
_set_fmode
fread

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11.6MB - Virtual size: 11.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 512B - Virtual size: 383B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59c87cff78aff9db1b928b5da0cb32e2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

msvcp140d

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 135KB - Virtual size: 134KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 11.6MB - Virtual size: 11.6MB

.idata Size: 9KB - Virtual size: 8KB

.msvcjmc Size: 512B - Virtual size: 383B

.00cfg Size: 512B - Virtual size: 265B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 27KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 135KB - Virtual size: 134KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 11.6MB - Virtual size: 11.6MB

.idata
Size: 9KB - Virtual size: 8KB

.msvcjmc
Size: 512B - Virtual size: 383B

.00cfg
Size: 512B - Virtual size: 265B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 27KB