xmrig | af8a9e44b05fdb620dc37b3c0f34d58c2d07a15e180cd0098e9708ce8a30a649 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

af8a9e44b05fdb620dc37b3c0f34d58c2d07a15e180cd0098e9708ce8a30a649
Size

1.9MB
MD5

61e0cf555335e276256a7f31e07e4bcc
SHA1

24c58c5fecedb473bc514ddaa10e1f8576817e64
SHA256

af8a9e44b05fdb620dc37b3c0f34d58c2d07a15e180cd0098e9708ce8a30a649
SHA512

ef222ae670007cdab562ae5d373212cac086502e43cd144730a86459e7453aec8c24b2bf7882bc15e67becb2016c0e16d1e1716c5d24efc85dba88d6f96302ef
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQuQu5eq7z7:oemTLkNdfE0pZrQ4

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af8a9e44b05fdb620dc37b3c0f34d58c2d07a15e180cd0098e9708ce8a30a649

Files

af8a9e44b05fdb620dc37b3c0f34d58c2d07a15e180cd0098e9708ce8a30a649
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE