xmrig | d6f8167af8a7943dcd47782b97a3093a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d6f8167af8a7943dcd47782b97a3093a_JaffaCakes118
Size

954KB
MD5

d6f8167af8a7943dcd47782b97a3093a
SHA1

f214f15883e2aed10bda1683034f11989f967da8
SHA256

1faca95c5ef0995ea2766f2376d6fb353177c69e66add7cd16f71b9c0912bb06
SHA512

be43d753f4db840c78406cc1f0e10f14a16bc21740592e9d7c55318c7b293b974dd1d6acd4bbb036bd2a86afe7432a57444b9ad83b344840d6de30deaced77c8
SSDEEP

12288:AUtD0d0WUXnz6mI39aTTXahIBvB6wHc2W8v+IJgTgMjXzcVWN7nGkOEnG/qIwbEq:7tDxBXs39aHXC2hHMjAVWN7nxOaG/5

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6f8167af8a7943dcd47782b97a3093a_JaffaCakes118

Files

d6f8167af8a7943dcd47782b97a3093a_JaffaCakes118
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 688KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ