xmrig | 36799be327b9ad948fdedf8f47bc114520e5ee56fe8033b72f63db1a92473dd6N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36799be327b9ad948fdedf8f47bc114520e5ee56fe8033b72f63db1a92473dd6N
Size

1.9MB
MD5

4197541dfb2fc5bd41d74654ce322c30
SHA1

327bd524672673661f59481b56795ca5d449b56a
SHA256

36799be327b9ad948fdedf8f47bc114520e5ee56fe8033b72f63db1a92473dd6
SHA512

67b42cf36c2165276e3a83b22e8d2b700b10d2f7789e8071aae4f7e0e086de9bb5658e5303e8b26bf3e9b6571c1dd2b9c9f0129d7bc40128b1ce9ce176f6d5e0
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQHxJ1U/QjRfv:oemTLkNdfE0pZrQL

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36799be327b9ad948fdedf8f47bc114520e5ee56fe8033b72f63db1a92473dd6N

Files

36799be327b9ad948fdedf8f47bc114520e5ee56fe8033b72f63db1a92473dd6N
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE