xmrig | 49ea7a6bcfb3bcb8a487399dafdc848db149f793c41b4bd67b4c107ca462263d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49ea7a6bcfb3bcb8a487399dafdc848db149f793c41b4bd67b4c107ca462263d
Size

1.8MB
MD5

4045b70dd91e90e01656171311ed9783
SHA1

1eed244b31b89b0eaf9dfc5461417f007f7c0b89
SHA256

49ea7a6bcfb3bcb8a487399dafdc848db149f793c41b4bd67b4c107ca462263d
SHA512

619695dce8bcfbf1c4fe950e92986dd3055ce054eef16d7694eed78c8990543c2cc8633fc109da9d88d79171fba70670edef0e37202a745f09b7a769d8da9edc
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwI7ei11CxPcTmy:GemTLkNdfE0pZah

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49ea7a6bcfb3bcb8a487399dafdc848db149f793c41b4bd67b4c107ca462263d

Files

49ea7a6bcfb3bcb8a487399dafdc848db149f793c41b4bd67b4c107ca462263d
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ