xmrig | 178fb828f06d3987fa596cc851adc99f4c7fe4ef15b3460f24b15fb2d224f70e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

178fb828f06d3987fa596cc851adc99f4c7fe4ef15b3460f24b15fb2d224f70e
Size

3.0MB
MD5

6d93c5f5649d9348fde8b5ba544ce7d8
SHA1

d9c6fadf6b129efda82fd7a5faff4bdbe09e4683
SHA256

178fb828f06d3987fa596cc851adc99f4c7fe4ef15b3460f24b15fb2d224f70e
SHA512

9b6e806aca8bda72036845b5501ef4712f3c4e0cf156487647cfdb4f5a8defdf7183a9cb9f6572ee60f94b7f72296529a87824c5495462ef592001e5d2eced42
SSDEEP

98304:w0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc4W:wFWPClFm

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
178fb828f06d3987fa596cc851adc99f4c7fe4ef15b3460f24b15fb2d224f70e

Files

178fb828f06d3987fa596cc851adc99f4c7fe4ef15b3460f24b15fb2d224f70e
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE