xmrig | 1d0cc95e6d09912cbadac6aae18ee383f36b82821870383d851fef3197fa48d5 | Triage

Sharing

General

Target

1d0cc95e6d09912cbadac6aae18ee383f36b82821870383d851fef3197fa48d5
Size

1.7MB
MD5

03797fc1cf4acdf030f95bace0d93e51
SHA1

e7d68d2ae2d01c7910e755df142670d6df01e570
SHA256

1d0cc95e6d09912cbadac6aae18ee383f36b82821870383d851fef3197fa48d5
SHA512

4ae57e7c4a2d9a5f8619a7df5efb563a6d5fbf4dd6abd2f74381dfa61d95446de3dcd8fe1e057a4b53f57bc053856953116c8e1c8c310c470ede7bcb9b60b221
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9ozttwIRx2TBBypVpqhL:GemTLkNdfE0pZyi

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d0cc95e6d09912cbadac6aae18ee383f36b82821870383d851fef3197fa48d5

Files

1d0cc95e6d09912cbadac6aae18ee383f36b82821870383d851fef3197fa48d5
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ