xmrig | 2e3d4f61cbdd170ae24c23bf2a204c5f50ac876c335453a401f4c02e630a7b63 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e3d4f61cbdd170ae24c23bf2a204c5f50ac876c335453a401f4c02e630a7b63
Size

2.4MB
MD5

b6af9e4948f2b6227680693265f1e0f9
SHA1

c9f5c5f44c9991c143687aa6a8e5a965786ac407
SHA256

2e3d4f61cbdd170ae24c23bf2a204c5f50ac876c335453a401f4c02e630a7b63
SHA512

9edfd33357646ecdf4ce087add2e30d0eaecadd98e9f84555b8572542ad3f720e118aa81be08349490f692c53b897e22187ab8f9e46cc5ae387d259f19a20a18
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQoyBcIKH0kgcf:oemTLkNdfE0pZrQs

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e3d4f61cbdd170ae24c23bf2a204c5f50ac876c335453a401f4c02e630a7b63

Files

2e3d4f61cbdd170ae24c23bf2a204c5f50ac876c335453a401f4c02e630a7b63
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE