xmrig | 0ea8bf29a5a35088efde655d076ac5bd41f16c37c454adeac4b2a7916ffc3b5a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ea8bf29a5a35088efde655d076ac5bd41f16c37c454adeac4b2a7916ffc3b5a
Size

3.4MB
MD5

312ca620f59f219525b7a00c0e0a87ea
SHA1

b54e7a6ac6031b2ba45d83a2c0ad771894d14fd8
SHA256

0ea8bf29a5a35088efde655d076ac5bd41f16c37c454adeac4b2a7916ffc3b5a
SHA512

e38588347b4e9515a92e894c0bcfdeacab6983fb5f306a35db907ce6cbc98ceb99012bcc38ea70deead63794f5280f756a3c2352cd41bd990c170b3a66092f7d
SSDEEP

98304:w0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc40z:wFWPClFkz

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ea8bf29a5a35088efde655d076ac5bd41f16c37c454adeac4b2a7916ffc3b5a

Files

0ea8bf29a5a35088efde655d076ac5bd41f16c37c454adeac4b2a7916ffc3b5a
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE