xmrig | c444334344b6eff1416b87c9acfcb95be8bf5ccab25f8529e39f8d7cff37ff5e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c444334344b6eff1416b87c9acfcb95be8bf5ccab25f8529e39f8d7cff37ff5e
Size

3.3MB
MD5

7f5a11ed1c07cce40fccc227fc2a7e26
SHA1

938cb17ad54e2f6cbdba55bb02a2b28d798b64f1
SHA256

c444334344b6eff1416b87c9acfcb95be8bf5ccab25f8529e39f8d7cff37ff5e
SHA512

3a418ab9a30e59a6c05b481e43071179e997c8be9fe06a02a2251b7ce7c36a0181c183d12e00c9a28d9476a3ade43d8b06aa64b3a259fb2dcd9279a4ac5e390e
SSDEEP

98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWN:7bBeSFkZ

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c444334344b6eff1416b87c9acfcb95be8bf5ccab25f8529e39f8d7cff37ff5e

Files

c444334344b6eff1416b87c9acfcb95be8bf5ccab25f8529e39f8d7cff37ff5e
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE