xmrig | JaffaCakes118_85160f9b510a645cb24aaaba06bba2fec92b187746bb2884768514ac1540b0d1

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_85160f9b510a645cb24aaaba06bba2fec92b187746bb2884768514ac1540b0d1
Size

547KB
MD5

e60e7e8d025eec49fee40e33433c8f18
SHA1

2f57e4dde1b69960bbafb975c1022bced18cf870
SHA256

85160f9b510a645cb24aaaba06bba2fec92b187746bb2884768514ac1540b0d1
SHA512

8410fe55df59c52c6bbc0a91609b8d294c0330426d7ca1ce7dc278e096f66c96b496c165c556d1f6207dbce370849f048db8cd874e0e4a411a9354d4ee143f43
SSDEEP

12288:feC7TjnI7lIL92DcGq2kezMVu0qKOo5k8GU/FJhHWkwrlihbO:WmQZKxGq2kKD0qKD5k8BjhHWkwr8hS

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
static1/unpack001/7196E2329A273C57604016DD051B7A06292AA25AF87C4E342FEEE3F6D9A6FF45	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7196E2329A273C57604016DD051B7A06292AA25AF87C4E342FEEE3F6D9A6FF45

Files

JaffaCakes118_85160f9b510a645cb24aaaba06bba2fec92b187746bb2884768514ac1540b0d1
.zip

Password: infected
7196E2329A273C57604016DD051B7A06292AA25AF87C4E342FEEE3F6D9A6FF45
.exe windows:6 windows x64 arch:x64

761f514d5d62e86642a8cb66f671bfd8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

htonl
WSASetLastError
WSAStartup
select
WSARecvFrom
WSASocketW
WSASend
WSARecv
WSAIoctl
socket
shutdown
setsockopt
getsockopt
ioctlsocket
closesocket
bind
FreeAddrInfoW
GetAddrInfoW
WSAGetLastError
htons

kernel32

GetModuleHandleExW
ExitThread
GetFileAttributesExW
GetCommandLineW
GetCommandLineA
RaiseException
SetFileAttributesW
GetConsoleCP
SetStdHandle
ExitProcess
RtlPcToFileHeader
RtlUnwindEx
MultiByteToWideChar
WriteConsoleW
SetConsoleTitleA
GetStdHandle
SetConsoleMode
GetConsoleMode
GetCurrentProcess
CloseHandle
LoadLibraryW
GetProcAddress
SetThreadAffinityMask
SetPriorityClass
SetThreadPriority
GetSystemPowerStatus
Sleep
GetCurrentThread
GetModuleHandleW
GetTickCount
FreeConsole
GetConsoleWindow
VirtualProtect
VirtualFree
VirtualAlloc
GetLargePageMinimum
LocalAlloc
GetLastError
LocalFree
GetFileType
PostQueuedCompletionStatus
CreateFileA
CreateFileW
DuplicateHandle
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
QueueUserWorkItem
RegisterWaitForSingleObject
UnregisterWait
WideCharToMultiByte
GetNumberOfConsoleInputEvents
ReadConsoleInputW
ReadConsoleW
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
GetConsoleCursorInfo
SetConsoleCursorInfo
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
SetConsoleTextAttribute
WriteConsoleInputW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GlobalMemoryStatusEx
GetSystemInfo
GetSystemTimeAsFileTime
GetVersionExW
GetModuleFileNameW
HeapFree
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
GetDiskFreeSpaceW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFinalPathNameByHandleW
GetFullPathNameW
ReadFile
RemoveDirectoryW
SetFilePointerEx
SetFileTime
WriteFile
DeviceIoControl
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
ReOpenFile
CopyFileW
MoveFileExW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
RtlUnwind
GetLongPathNameW
GetShortPathNameW
CreateIoCompletionPort
ReadDirectoryChangesW
SetHandleInformation
CancelIo
SwitchToThread
SetFileCompletionNotificationModes
SetErrorMode
GetQueuedCompletionStatus
ConnectNamedPipe
PeekNamedPipe
CreateNamedPipeW
CancelIoEx
CancelSynchronousIo
DeleteCriticalSection
TerminateProcess
GetExitCodeProcess
UnregisterWaitEx
LCMapStringW
DebugBreak
FormatMessageA
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
ReleaseSemaphore
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetNativeSystemInfo
CreateSemaphoreA
GetModuleHandleA
LoadLibraryA
GetStartupInfoW
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
LoadLibraryExW
FreeLibraryAndExitThread
FreeLibrary
HeapReAlloc
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
HeapSize
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetProcessHeap
SetEndOfFile
SetConsoleCtrlHandler
GetCurrentThreadId
WaitForSingleObjectEx
GetExitCodeThread
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
CompareStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
GetThreadTimes

user32

GetSystemMetrics
MapVirtualKeyW
DispatchMessageA
TranslateMessage
GetLastInputInfo
ShowWindow
GetMessageA

advapi32

SystemFunction036
LsaOpenPolicy
LsaAddAccountRights
LsaClose
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 985KB - Virtual size: 984KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RANDOMX
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

761f514d5d62e86642a8cb66f671bfd8

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

Sections

.text Size: 985KB - Virtual size: 984KB

.rdata Size: 180KB - Virtual size: 179KB

.data Size: 32KB - Virtual size: 2.6MB

.pdata Size: 35KB - Virtual size: 35KB

_RANDOMX Size: 3KB - Virtual size: 2KB

_RDATA Size: 512B - Virtual size: 148B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 985KB - Virtual size: 984KB

.rdata
Size: 180KB - Virtual size: 179KB

.data
Size: 32KB - Virtual size: 2.6MB

.pdata
Size: 35KB - Virtual size: 35KB

_RANDOMX
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 148B

.reloc
Size: 7KB - Virtual size: 6KB