xmrig | 354b538adff486cd6558598323b2584bf742ee40d34def6aa87623f38ad835e6 | Triage

Sharing

General

Target

354b538adff486cd6558598323b2584bf742ee40d34def6aa87623f38ad835e6
Size

1.7MB
MD5

7ac289315b88d381135269f25d16d73a
SHA1

c7b52a2f502f564cff10560c4d53b155a92bd0ab
SHA256

354b538adff486cd6558598323b2584bf742ee40d34def6aa87623f38ad835e6
SHA512

0ddc563ae363661a19f63cea1f60b11146abf2eabe9bd2e73c99b9bf35605a70b984c79454c6f1206b2c387a4e77c7ac4d757fccdce82954ff17037d8c9a9afb
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9ozttwIRRvzc26JAis/:GemTLkNdfE0pZyl

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
354b538adff486cd6558598323b2584bf742ee40d34def6aa87623f38ad835e6

Files

354b538adff486cd6558598323b2584bf742ee40d34def6aa87623f38ad835e6
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ