xmrig | 15bfc9af3eb120b4d4161c47a5184016dbc458b465cadc0bc0b98fd5790df830 | Triage

Sharing

General

Target

15bfc9af3eb120b4d4161c47a5184016dbc458b465cadc0bc0b98fd5790df830
Size

5.3MB
MD5

9ed3ea2f4faf8b1cf0a73f126f6142db
SHA1

842dbbc53aac7435a26dbfb63e191843715cffbe
SHA256

15bfc9af3eb120b4d4161c47a5184016dbc458b465cadc0bc0b98fd5790df830
SHA512

89cc4e989a0604b48d47eaad0caf3129d16539b6755d8c42cc94f8c783c7c82631f0d3f51924ae5913e9202c1e3268727dd860de3209e65cc79bf00ac29a3025
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32c:T+q56utgpPF8u/h

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15bfc9af3eb120b4d4161c47a5184016dbc458b465cadc0bc0b98fd5790df830

Files

15bfc9af3eb120b4d4161c47a5184016dbc458b465cadc0bc0b98fd5790df830
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE