xmrig | 3a2c89216a96827b033e1ca1a7d30f82b30ebb22a009543fa212e74d4819407f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a2c89216a96827b033e1ca1a7d30f82b30ebb22a009543fa212e74d4819407f
Size

3.1MB
MD5

64dfee2021397060e62173387ee508a2
SHA1

b17210001c0d7d123bfbe5bafd47599ef5b68ecd
SHA256

3a2c89216a96827b033e1ca1a7d30f82b30ebb22a009543fa212e74d4819407f
SHA512

789860576dcc5da26b8bc12931bc0b9e9fd4bdffe60379e6f2fa73b5648874a3385df962a1a8f167c6203213ccfb62493e2094d58a7da4a35da98610360ed524
SSDEEP

98304:w0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc4+:wFWPClFO

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a2c89216a96827b033e1ca1a7d30f82b30ebb22a009543fa212e74d4819407f

Files

3a2c89216a96827b033e1ca1a7d30f82b30ebb22a009543fa212e74d4819407f
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE