xmrig | f99ce1bbbb4da3d732db210ef2521ca1bd0da5b8c00eb1593e2d47e98171dc2d | Triage

Sharing

General

Target

f99ce1bbbb4da3d732db210ef2521ca1bd0da5b8c00eb1593e2d47e98171dc2d
Size

2.5MB
MD5

894e4c31e36c082381ea80abd6b0adcd
SHA1

e1ce2c7b36716d09b938c0a33f3e7138fdfee466
SHA256

f99ce1bbbb4da3d732db210ef2521ca1bd0da5b8c00eb1593e2d47e98171dc2d
SHA512

abb444cc93b89e3e253c87a2e3efe203339ee4404ff13d330ed2125c361aea961b5467d3170e9be67e9cab4413fea772fb2cb4320b0b552cc926d4ba7c60c9d8
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIV56uL3pgrCEdM/Gta7riy5zXNX9wWr:oemTLkNdfE0pZrV56utgq

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f99ce1bbbb4da3d732db210ef2521ca1bd0da5b8c00eb1593e2d47e98171dc2d

Files

f99ce1bbbb4da3d732db210ef2521ca1bd0da5b8c00eb1593e2d47e98171dc2d
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE