xmrig | 3031a37944c8d563e3ff4a7e321b4fb06799a47352e9e85ff9cfdfc2eb0fef0d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3031a37944c8d563e3ff4a7e321b4fb06799a47352e9e85ff9cfdfc2eb0fef0d
Size

1.8MB
MD5

c162b3ceee8890c82ed7008a8ef5c0e3
SHA1

2a4cb504778f50e8a69ebb6cd0d9fbb2ddb76798
SHA256

3031a37944c8d563e3ff4a7e321b4fb06799a47352e9e85ff9cfdfc2eb0fef0d
SHA512

8140682483af8042db4746187591ab52a8ebc079028f1d6ddcea68917c326930cca04afddf5790f23e0fc24e33aa1775dddd581fcd9f62efbbf509dd5694c179
SSDEEP

49152:S0wjnJMOWh50kC1/dVFdx6e0EALKWVTffZiPAcRq6jHjnz8DhJUY:S0GnJMOWPClFdx6e0EALKWVTffZiPAcK

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3031a37944c8d563e3ff4a7e321b4fb06799a47352e9e85ff9cfdfc2eb0fef0d

Files

3031a37944c8d563e3ff4a7e321b4fb06799a47352e9e85ff9cfdfc2eb0fef0d
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ