xmrig | 49f197d09be464c5ad818497b6347dbae6c4500370cf4858c9b32d9f9f318a9e | Triage

Sharing

General

Target

49f197d09be464c5ad818497b6347dbae6c4500370cf4858c9b32d9f9f318a9e
Size

1.1MB
MD5

b7c4ee7d5e6447384b72deea9ddb9552
SHA1

6e741dc2389e73b3fc71bab82abdf227d494c3ed
SHA256

49f197d09be464c5ad818497b6347dbae6c4500370cf4858c9b32d9f9f318a9e
SHA512

75c6d79baf04773c8cb1577e199580d440c590c905463c6e0a3c6995ef017a790d79b98006f47b2329d782579e2936b0e2a7df0992f647b57fcef02d69f9b6c7
SSDEEP

24576:GezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbpwlKenszQEMrP5+A4V:GezaTF8FcNkNdfE0pZ9ozttwIRQlU

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49f197d09be464c5ad818497b6347dbae6c4500370cf4858c9b32d9f9f318a9e

Files

49f197d09be464c5ad818497b6347dbae6c4500370cf4858c9b32d9f9f318a9e
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ