xmrig | fa1a0a9d2f2a20bed6ec91d474f2e990N | Triage

Sharing

General

Target

fa1a0a9d2f2a20bed6ec91d474f2e990N
Size

2.0MB
MD5

fa1a0a9d2f2a20bed6ec91d474f2e990
SHA1

409d28eaa6a006c162e30681b1f4ae50b5ddbd12
SHA256

aab8118e56a8652f06c56bfd4e7b3dc4ca81553a79caf6c191f3d9da6a5fe2cb
SHA512

998eac7a91e94d9d3d540a1cfd6b8010b99417fd1e2bcde7626d0c4c623fec6d63deedf1e8b570a9a97c8db7050fae0442ed2b53f2115772b524418413039786
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIlfaTUYmo/T6xu:oemTLkNdfE0pZrm

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa1a0a9d2f2a20bed6ec91d474f2e990N

Files

fa1a0a9d2f2a20bed6ec91d474f2e990N
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE