HEminer[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

HEminer.exe
Size

29.7MB
MD5

14fe32664fbe95dcaf00d90fe48dc22e
SHA1

c22c392b6fbaa813e2d366d99d0c18db0703f0aa
SHA256

e180279a063d11315aa40089b7582032b9443843c906a2fe224ed9433148bd74
SHA512

2a4f010206c089d3e016531a35d861d7b082fa28b7cbbb3d1fe5b6ad85b690c760787c88350a0b396d99d9c4b178781b73bcf7fcdfbacff29ca1024dc1b2add8
SSDEEP

786432:Ffh7d/Y7KltDhel3Znr9gxxgiuK+0xcyMJaPw/N7cYylS:FZ7d/K2tVkZ6xKA+0xKJaP2Ngpg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEminer.exe

Files

HEminer.exe
.exe windows:4 windows x64 arch:x64

02549ff92b49cce693542fc9afb10102

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

malloc
memset
_get_pgmptr
getenv
sprintf
__argc
__argv
_environ
_XcptFilter
__set_app_type
_controlfp
__getmainargs
exit

kernel32

Sleep
CreateProcessA
SetUnhandledExceptionFilter

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29.7MB - Virtual size: 29.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ