xmrig | 71d5c4256a0e16222e1f28a89db1410e2f4e6ed6f8e2b87540a93f23d6678a86 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

71d5c4256a0e16222e1f28a89db1410e2f4e6ed6f8e2b87540a93f23d6678a86
Size

1.9MB
MD5

ad9c587b4405f30bca044bba3e36d635
SHA1

1a3e4dd204631a4e27c9f8e36714211d70e28ab3
SHA256

71d5c4256a0e16222e1f28a89db1410e2f4e6ed6f8e2b87540a93f23d6678a86
SHA512

197df41631a5e6b7e432197d33a4828c7fe4a94faa1f85b58950a6ed476f2ab8596c6f4422b6774150ec0625dab9479c3374758339c94b032d9092fb3d080b93
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwIRxj4c5yOBQP4Z5ER8iO7:GemTLkNdfE0pZah

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71d5c4256a0e16222e1f28a89db1410e2f4e6ed6f8e2b87540a93f23d6678a86

Files

71d5c4256a0e16222e1f28a89db1410e2f4e6ed6f8e2b87540a93f23d6678a86
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ