xmrig | 2ae2209df5925fb5a38f52eaf7a7368634c8abdb68c497cfc3757838f900f2ce[.]exe | Triage

Sharing

General

Target

2ae2209df5925fb5a38f52eaf7a7368634c8abdb68c497cfc3757838f900f2ce.exe
Size

3.2MB
MD5

627457f3fbeeb19a4b14ebe71250c340
SHA1

0c536c4ad9beb74e1399042da3fe9ba77d24d881
SHA256

2ae2209df5925fb5a38f52eaf7a7368634c8abdb68c497cfc3757838f900f2ce
SHA512

2ec1662a19e9b6d72527688be3a1c6968a4831289d0ec3b58678065739ef522d5800b0359c0da2e8f65d10b51b5d75b0c050020520730f29d48cca9fd2690f45
SSDEEP

98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWm:7bBeSFkC

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ae2209df5925fb5a38f52eaf7a7368634c8abdb68c497cfc3757838f900f2ce.exe

Files

2ae2209df5925fb5a38f52eaf7a7368634c8abdb68c497cfc3757838f900f2ce.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE