xmrig | JaffaCakes118_51e4856e80cf0690987cb95887169488c1533fb381795a0013e56d89aa91134c

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_51e4856e80cf0690987cb95887169488c1533fb381795a0013e56d89aa91134c
Size

658KB
MD5

dd2415171ce9efc6649dc685b522911e
SHA1

705c73ece90ac6546148097704a4c69dbaa49432
SHA256

51e4856e80cf0690987cb95887169488c1533fb381795a0013e56d89aa91134c
SHA512

6ba2b38d3c4f00f795f799b90f3891be885a50f635d3c09814759722184d732eda40fb14b8cae453d4b1f296dac9f0be52db6347092d651b9817aefc7f289c01
SSDEEP

12288:uIQqoPBWMROjD5EG++L2SColQf0VkXRDuGRl9eJm5Qk8iCVwV0DujIDL3/6GaCOG:uIQqoPBVROjD5EG++2gyakBD//9eJ+Cb

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_51e4856e80cf0690987cb95887169488c1533fb381795a0013e56d89aa91134c

Files

JaffaCakes118_51e4856e80cf0690987cb95887169488c1533fb381795a0013e56d89aa91134c
.exe windows:6 windows x86 arch:x86

2659e1af5bd980a24eddce499132f8f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSARecvFrom
bind
WSAIoctl
select
htons
WSAStartup
socket
WSARecv
ioctlsocket
FreeAddrInfoW
GetAddrInfoW
closesocket
getsockopt
setsockopt
WSAGetLastError
WSASetLastError
WSASocketW
WSASend
shutdown

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
LsaOpenPolicy
LsaAddAccountRights
LsaClose
GetTokenInformation
RegCloseKey
GetCurrentHwProfileA
RegSetValueExW
InitializeAcl
SetSecurityInfo
RegOpenKeyW

kernel32

GetACP
HeapReAlloc
IsValidLocale
ExitThread
SetFileAttributesW
HeapFree
GetTimeZoneInformation
GetFileAttributesExW
GetConsoleCP
GetUserDefaultLCID
EnumSystemLocalesW
DeleteFileW
HeapSize
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEndOfFile
HeapAlloc
GetStdHandle
SetConsoleMode
GetConsoleMode
GetModuleFileNameA
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
CreateMutexA
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
GetLastError
OpenMutexA
Process32NextW
DeleteFileA
Process32FirstW
CloseHandle
FreeConsole
GetSystemInfo
GetProcAddress
GetConsoleWindow
WinExec
SetThreadAffinityMask
SetProcessAffinityMask
GetCurrentThread
VirtualFree
VirtualAlloc
LocalAlloc
LocalFree
SetPriorityClass
SetThreadPriority
GetModuleHandleW
SwitchToThread
GetCurrentProcessId
SetConsoleCtrlHandler
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
PostQueuedCompletionStatus
Sleep
SetErrorMode
GetQueuedCompletionStatus
CreateIoCompletionPort
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RegisterWaitForSingleObject
UnregisterWait
GetConsoleCursorInfo
DuplicateHandle
QueueUserWorkItem
MultiByteToWideChar
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
CreateFileA
ReadConsoleW
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
WideCharToMultiByte
SetConsoleCursorPosition
GetFileType
CreateDirectoryW
ReadFile
SetLastError
WriteFile
DeviceIoControl
RemoveDirectoryW
SetFileTime
CreateHardLinkW
CreateFileW
GetFileAttributesW
GetFileInformationByHandle
SetFilePointerEx
MoveFileExW
CopyFileW
FlushFileBuffers
QueryPerformanceFrequency
QueryPerformanceCounter
CancelIo
SetHandleInformation
CreateEventA
TryEnterCriticalSection
TlsSetValue
ReleaseSemaphore
WaitForMultipleObjects
WaitForSingleObject
ResumeThread
SetEvent
TlsAlloc
ResetEvent
DeleteCriticalSection
CreateSemaphoreW
TlsGetValue
TlsFree
CreateSemaphoreA
FormatMessageA
SetNamedPipeHandleState
CreateNamedPipeW
PeekNamedPipe
GetNamedPipeHandleStateA
ConnectNamedPipe
GetLongPathNameW
ReadDirectoryChangesW
LoadLibraryA
UnregisterWaitEx
LCMapStringW
GetExitCodeProcess
GetStartupInfoW
SetStdHandle
GetModuleHandleExW
ExitProcess
GetCommandLineW
GetCommandLineA
RaiseException
RtlUnwind
LoadLibraryW
WaitForSingleObjectEx
GetCurrentThreadId
GetExitCodeThread
InitializeCriticalSectionAndSpinCount
CreateEventW
GetSystemTimeAsFileTime
GetTickCount
EncodePointer
DecodePointer
CompareStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
VirtualProtect
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList

user32

ShowWindow
MapVirtualKeyW

oleaut32

VariantClear
SysFreeString
SysAllocString

urlmon

URLDownloadToFileA

Sections

.text
Size: 510KB - Virtual size: 509KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2659e1af5bd980a24eddce499132f8f1

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

kernel32

user32

oleaut32

urlmon

Sections

.text Size: 510KB - Virtual size: 509KB

.rdata Size: 105KB - Virtual size: 105KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 510KB - Virtual size: 509KB

.rdata
Size: 105KB - Virtual size: 105KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 28KB