xmrig | df8b4eb29d42702391d4b83493b6c7b5c0a6094bbc9000757e8593eb105a5916 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df8b4eb29d42702391d4b83493b6c7b5c0a6094bbc9000757e8593eb105a5916
Size

3.2MB
MD5

7488d8bcb8d5cc7f0848a966c5916b98
SHA1

b20f6a9abf77c8e57fc891397f76cb5c910d43ee
SHA256

df8b4eb29d42702391d4b83493b6c7b5c0a6094bbc9000757e8593eb105a5916
SHA512

566e5d3ff4486a441aac171d379a0c07fdaeccf7a2aee81d88ae2938ce942beec842aebaabaa0a3d049cfad2e0c5dcb50dd1167e98c28ae870b03936bcfe5dc5
SSDEEP

98304:w0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc4B:wFWPClFR

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df8b4eb29d42702391d4b83493b6c7b5c0a6094bbc9000757e8593eb105a5916

Files

df8b4eb29d42702391d4b83493b6c7b5c0a6094bbc9000757e8593eb105a5916
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE