xmrig | a0f367635ef3ff4604ba6ff5d0e333a146c1f5e89f0344d8f3e49e605eaa75f9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a0f367635ef3ff4604ba6ff5d0e333a146c1f5e89f0344d8f3e49e605eaa75f9
Size

2.0MB
MD5

ed77f5e93fb63f5216d6bb7208063d4f
SHA1

72f00d9b59e964ca4e82bc1ab497115dd6320a17
SHA256

a0f367635ef3ff4604ba6ff5d0e333a146c1f5e89f0344d8f3e49e605eaa75f9
SHA512

72568f687951cb5afd9d08e3a823f03a5cde5954c29722a1d8c8f5b20a8a1b4cc7c15a517a50a5b73d1cd7bbe216d2aaa87c168375d79e6678d97e9c8349d19e
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXIZbGb+7Mxexn2Px:BemTLkNdfE0pZr9

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0f367635ef3ff4604ba6ff5d0e333a146c1f5e89f0344d8f3e49e605eaa75f9

Files

a0f367635ef3ff4604ba6ff5d0e333a146c1f5e89f0344d8f3e49e605eaa75f9
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE