xmrig | bc9cf9bceb04ebba634ea09c2be81dd40c63a797d35247fe48aff797272fde4a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bc9cf9bceb04ebba634ea09c2be81dd40c63a797d35247fe48aff797272fde4a
Size

2.7MB
MD5

73a84b819520d204eccb1da44b2b5d89
SHA1

05f9a7062dda725b8914b9db54d706e9377c67e5
SHA256

bc9cf9bceb04ebba634ea09c2be81dd40c63a797d35247fe48aff797272fde4a
SHA512

d8a4bbda6d726916e4b637fe8741dcadf7cc9be555f5ccb549af9dd761be22168f10e8261fb5733f657b6da076b8e3b8138477bb9de89492edea50ea15b9e050
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIV56uL3pgrCEdMKPFo3G7XUmTHQ3:oemTLkNdfE0pZrV56utgpPFoZ

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc9cf9bceb04ebba634ea09c2be81dd40c63a797d35247fe48aff797272fde4a

Files

bc9cf9bceb04ebba634ea09c2be81dd40c63a797d35247fe48aff797272fde4a
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE