xmrig | e9048f971e4bd56f00a8a0b0deacd45b5e78ae33cdb24ddf5a97aa278fb64f2fN | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e9048f971e4bd56f00a8a0b0deacd45b5e78ae33cdb24ddf5a97aa278fb64f2fN
Size

1.9MB
MD5

cf0d13c92b4e36c4d73cbf1004638bc0
SHA1

a45d3e018c33726df9ad0eab461f2c1f208fcc35
SHA256

e9048f971e4bd56f00a8a0b0deacd45b5e78ae33cdb24ddf5a97aa278fb64f2f
SHA512

f98a72ff482472937b8cc32d70a6d633519d737f3b964c81bb0a62ad1c98c3cd69caed25cd109051ea922919c6e59a5227799852658a1ad3acd08d7dcc0a20f2
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQHxJ1U/QjL:oemTLkNdfE0pZrQh

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e9048f971e4bd56f00a8a0b0deacd45b5e78ae33cdb24ddf5a97aa278fb64f2fN

Files

e9048f971e4bd56f00a8a0b0deacd45b5e78ae33cdb24ddf5a97aa278fb64f2fN
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE