Manalyze report for 4bd2631adfe4a256a72614c3f0d1aced

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Mar-23 06:41:23
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
CompanyName	www.xmrig.com
FileDescription	XMRig miner
FileVersion	`6.21.2`
LegalCopyright	Copyright (C) 2016-2024 xmrig.com
OriginalFilename	xmrig.exe
ProductName	XMRig
ProductVersion	`6.21.2`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to mining pools: stratum+tcp://` `Contains domain names: api.xmrig.com donate.ssl.xmrig.com donate.v2.xmrig.com https://xmrig.com nicehash.com randomx.xmrig.com ssl.xmrig.com v2.xmrig.com www.xmrig.com xmrig.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Uses constants related to base58` `Uses known Diffie-Helman primes` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: _RANDOMX` `Unusual section name found: _TEXT_CN` `Unusual section name found: _TEXT_CN`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW LoadLibraryExW LoadLibraryExA` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Uses Microsoft's cryptographic API: CryptEnumProvidersW CryptSignHashW CryptDestroyHash CryptCreateHash CryptDecrypt CryptExportKey CryptGetUserKey CryptGetProvParam CryptSetHashParam CryptDestroyKey CryptReleaseContext CryptAcquireContextW` `Can create temporary files: CreateFileW CreateFileA GetTempPathW` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Leverages the raw socket API to access the Internet: WSASetLastError send recv ntohs htons htonl inet_addr inet_ntoa gethostbyaddr WSAGetLastError WSAIoctl gethostbyname WSARecvFrom WSASocketW WSASend WSARecv gethostname WSADuplicateSocketW getpeername FreeAddrInfoW GetAddrInfoW shutdown socket setsockopt listen connect closesocket bind WSACleanup WSAStartup select getsockopt getsockname ioctlsocket getservbyname getservbyport` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Interacts with services: CreateServiceW QueryServiceStatus OpenSCManagerW QueryServiceConfigA DeleteService ControlService OpenServiceW` `Enumerates local disk drives: GetDriveTypeW` `Interacts with the certificate store: CertOpenStore`
Malicious	VirusTotal score: 49/72 (Scanned on 2024-03-27 09:34:37)	`ALYac: Gen:Variant.Application.Miner.2` `APEX: Malicious` `AVG: Win64:MiscX-gen [PUP]` `AhnLab-V3: Win-Trojan/Miner3.Exp` `Alibaba: Trojan:Win32/Coinminer.449` `Antiy-AVL: GrayWare/Win64.CoinMiner.po` `Arcabit: Trojan.Application.Miner.2` `Avast: Win64:MiscX-gen [PUP]` `Avira: PUA/CoinMiner.Gen` `BitDefender: Gen:Variant.Application.Miner.2` `ClamAV: Win.Coinminer.Generic-7151250-0` `CrowdStrike: win/grayware_confidence_90% (W)` `Cybereason: malicious.adfe4a` `Cylance: unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `ESET-NOD32: a variant of Win64/CoinMiner.IZ potentially unwanted` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Application.Miner.2 (B)` `F-Secure: PotentialRisk.PUA/CoinMiner.Gen` `FireEye: Generic.mg.4bd2631adfe4a256` `Fortinet: Riskware/CoinMiner` `GData: Win64.Application.Coinminer.CP` `Google: Detected` `Gridinsoft: Risk.Win64.CoinMiner.sd!i` `Ikarus: PUA.CoinMiner` `Jiangmin: RiskTool.BitMiner.conc` `K7AntiVirus: Trojan ( 005697011 )` `K7GW: Trojan ( 005697011 )` `Kaspersky: not-a-virus:UDS:RiskTool.Win32.BitMiner.gen` `Lionic: Trojan.Win32.Miner.tstT` `MAX: malware (ai score=74)` `Malwarebytes: Neshta.Virus.FileInfector.DDS` `MaxSecure: Trojan.Malware.121218.susgen` `McAfee: Artemis!4BD2631ADFE4` `MicroWorld-eScan: Gen:Variant.Application.Miner.2` `Panda: PUP/CoinMiner` `Rising: HackTool.XMRMiner!1.C2EC (CLASSIC)` `Sangfor: Trojan.Win64.XMR.Miner` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win64.CoinMiner.vh` `Sophos: XMRig Miner (PUA)` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.11be0743` `TrendMicro-HouseCall: TROJ_GEN.R002H0CCN24` `VIPRE: Gen:Variant.Application.Miner.2` `Varist: W64/Coinminer.BN.gen!Eldorado` `ZoneAlarm: not-a-virus:UDS:RiskTool.Win32.BitMiner.gen` `alibabacloud: Miner:Win/CoinMiner.A`

Hashes

MD5	`4bd2631adfe4a256a72614c3f0d1aced`
SHA1	`d39b122677c85b271e1e0a1cad42ed08706dab2b`
SHA256	`810838fe05bf0fac2ca9659efa6d2d5bb6f0e324ce9330ad1ba6ec636844fb84`
SHA3	`c1618dacd4f6f31eb2a495a3f36e82c44ce06be8f11888f5ca044e2b31278850`
SSDeep	`98304:t007TSZB9luIq7GnaU/XdrIlSABFtoRlgmqILLN4qbtTUNGDC2Zvi26:RTSKftoRGmqw4qbtoyjZvi26`
Imports Hash	`12806e48b853545b536463546db4baa1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2024-Mar-23 06:41:23
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x41a000`
SizeOfInitializedData	`0x496000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000003DFAF4 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x8b6000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6bc8e63a75aca8055e2bb7f707f0414f`
SHA1	`3e2de719446adf0895c4cf019322ca85b1f8ad21`
SHA256	`4962eb20e12654678a5741892ad751f76f5d2b1212cf62c92fbc5c293d2346b7`
SHA3	`1a0db19c891061fbbf577a831a0696e50cc237a40ffc77bbc1ee782284adbf21`
VirtualSize	`0x419e24`
VirtualAddress	`0x1000`
SizeOfRawData	`0x41a000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.51154`

.rdata

MD5	`9abc635bd320c287a7ad1596b8d3552a`
SHA1	`d6729fd443e64fdb068a53867463017adf9e2781`
SHA256	`0c70809c7c18b7a9882a6f7bd4b14a4441a5f6b86bd03f492dcce75cc7e897b2`
SHA3	`bc714a3ba43d2ac6da0447ace86a50967728e34877757b8271195b9905934b33`
VirtualSize	`0x1a68ca`
VirtualAddress	`0x41b000`
SizeOfRawData	`0x1a6a00`
PointerToRawData	`0x41a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.16739`

.data

MD5	`bb026e835841e4b343566c672351c773`
SHA1	`4dbd401a3e6f42beebd95517c95debe1d384ac94`
SHA256	`cac8c1a89baa58a3e65ac50acdfec703b591d1254d09ff02972d8da7697c0cde`
SHA3	`985daa639f0fbc63960e9c452d60f53b93dcdacb03a856c521f97b2ee0cc9f62`
VirtualSize	`0x2af594`
VirtualAddress	`0x5c2000`
SizeOfRawData	`0x10200`
PointerToRawData	`0x5c0e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.01174`

.pdata

MD5	`8b5aa1ca056ad36d052265cbb5c8bffa`
SHA1	`bdd8552f601bc6f9d3fda746af1ab347352fe8cc`
SHA256	`d0639609bef6c984c17c1ce716dfa77223fc2de03600470fbf31212bf528cb67`
SHA3	`954f3f82d7983bda598c82288cc55cade9c78ff7e912625de36c52ea0a794f9a`
VirtualSize	`0x2a54c`
VirtualAddress	`0x872000`
SizeOfRawData	`0x2a600`
PointerToRawData	`0x5d1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.36201`

_RANDOMX

MD5	`9ee63642b94966ecb630ee0843e46b26`
SHA1	`11bd5b6446d56158259a24b938f7c4959bd56e21`
SHA256	`a0e8dcaf970131535f4e5292a291692b43dc1fe5112d3fa7540a851de29664ea`
SHA3	`3340b30c98f35504dbecd4eff4680013fe534c1f1e5df6ea50f6fe41274e85ff`
VirtualSize	`0xc56`
VirtualAddress	`0x89d000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x5fb600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.68241`

_TEXT_CN

MD5	`afea7882aa31e5987db2f12b8933de56`
SHA1	`91d62ae67c7e250650c5d785cffb0a794da2f085`
SHA256	`22da176111a6792ee42e810c4381316e710e95c28567224e7c5b5d4d703400fe`
SHA3	`45f964cd6a8a2b7d2570bc7d428bc928e75fa4ee11032f599a5f7f02435d9ed3`
VirtualSize	`0x26d1`
VirtualAddress	`0x89e000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x5fc400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.07727`

_TEXT_CN (#2)

MD5	`409bf3f918f2402291cb56c2e9354b47`
SHA1	`4992a8b9c3e33a7f8659bd20066f907134f7c337`
SHA256	`97edf367117028c754aed0c10748bfa55d73a87af588af16d5b24610e1652b08`
SHA3	`a8379e211aa90421ff01b9567092fde1be282d339ea986b42067baed4539be96`
VirtualSize	`0x1184`
VirtualAddress	`0x8a1000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x5fec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.04792`

_RDATA

MD5	`ece44a371fbe47ae19b3f19856fd9fc1`
SHA1	`585ccb5e8b1d67eaf43a44764ea4718cb97b3fcb`
SHA256	`24caa2b588e4d03b667380a41b5673a262976868c5286466af386cc59244220e`
SHA3	`f2218b0b0bbe400ef81ebfc267369f0b9a37fd3df18a9e09dfb8d5cd0cb60ba2`
VirtualSize	`0xf4`
VirtualAddress	`0x8a3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5ffe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.41929`

.rsrc

MD5	`03cb0cc5cd35afa658f4ae54c429b750`
SHA1	`f1dae029cc52ded39198e782425a2c658724d26e`
SHA256	`b35f92c5252323978c93829abf9bca9993fb99ec74d26ec79274da7e8a772e6d`
SHA3	`e7b992de6d4e1802fe623caffc5b55b491f594603fdd1fb08975a1107ab2805c`
VirtualSize	`0x59c8`
VirtualAddress	`0x8a4000`
SizeOfRawData	`0x5a00`
PointerToRawData	`0x600000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.42914`

.reloc

MD5	`ad2860a7a1de6117fe8aaf143956d979`
SHA1	`7e8bd0b4147c0a6e87f6cbd374901cc3138fad0a`
SHA256	`414ab90b549c9dc20ee005e3efddb42f28283d9d208c5abb5b66977eb5ca1d56`
SHA3	`6a4ee310e4cd7070138b431d29a83c86c5a1368239c7aba7c4124acdd459acd1`
VirtualSize	`0xb598`
VirtualAddress	`0x8aa000`
SizeOfRawData	`0xb600`
PointerToRawData	`0x605a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.45798`

Imports

WS2_32.dll	`WSASetLastError` `send` `recv` `ntohs` `htons` `htonl` `inet_addr` `inet_ntoa` `gethostbyaddr` `WSAGetLastError` `WSAIoctl` `gethostbyname` `WSARecvFrom` `WSASocketW` `WSASend` `WSARecv` `gethostname` `WSADuplicateSocketW` `getpeername` `FreeAddrInfoW` `GetAddrInfoW` `shutdown` `socket` `setsockopt` `listen` `connect` `closesocket` `bind` `WSACleanup` `WSAStartup` `select` `getsockopt` `getsockname` `ioctlsocket` `getservbyname` `getservbyport`
IPHLPAPI.DLL	`GetAdaptersAddresses`
USERENV.dll	`GetUserProfileDirectoryW`
CRYPT32.dll	`CertFreeCertificateContext` `CertFindCertificateInStore` `CertEnumCertificatesInStore` `CertCloseStore` `CertOpenStore` `CertGetCertificateContextProperty` `CertDuplicateCertificateContext`
KERNEL32.dll	`GetStringTypeW` `InitializeCriticalSectionAndSpinCount` `WriteConsoleW` `SetConsoleTitleA` `GetStdHandle` `SetConsoleMode` `GetConsoleMode` `QueryPerformanceFrequency` `QueryPerformanceCounter` `SizeofResource` `LockResource` `LoadResource` `FindResourceW` `ExpandEnvironmentStringsA` `GetConsoleWindow` `GetSystemFirmwareTable` `HeapFree` `HeapAlloc` `GetProcessHeap` `MultiByteToWideChar` `SetPriorityClass` `GetCurrentProcess` `SetThreadPriority` `GetSystemPowerStatus` `GetCurrentThread` `GetProcAddress` `GetModuleHandleW` `GetTickCount` `CloseHandle` `FreeConsole` `VirtualProtect` `VirtualFree` `VirtualAlloc` `GetLargePageMinimum` `LocalAlloc` `GetLastError` `LocalFree` `FlushInstructionCache` `GetCurrentThreadId` `AddVectoredExceptionHandler` `DeviceIoControl` `GetModuleFileNameW` `CreateFileW` `SetLastError` `GetSystemTime` `SystemTimeToFileTime` `GetModuleHandleExW` `Sleep` `InitializeSRWLock` `ReleaseSRWLockExclusive` `ReleaseSRWLockShared` `AcquireSRWLockExclusive` `AcquireSRWLockShared` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemInfo` `SwitchToFiber` `DeleteFiber` `CreateFiberEx` `FindClose` `FindFirstFileW` `FindNextFileW` `WideCharToMultiByte` `GetSystemDirectoryA` `FreeLibrary` `LoadLibraryA` `FormatMessageA` `GetFileType` `WriteFile` `GetEnvironmentVariableW` `GetACP` `ConvertFiberToThread` `ConvertThreadToFiberEx` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `LoadLibraryW` `ReadConsoleA` `ReadConsoleW` `PostQueuedCompletionStatus` `CreateFileA` `DuplicateHandle` `SetEvent` `ResetEvent` `WaitForSingleObject` `CreateEventA` `QueueUserWorkItem` `RegisterWaitForSingleObject` `UnregisterWait` `GetNumberOfConsoleInputEvents` `ReadConsoleInputW` `FillConsoleOutputCharacterW` `FillConsoleOutputAttribute` `GetConsoleCursorInfo` `SetConsoleCursorInfo` `GetConsoleScreenBufferInfo` `SetConsoleCursorPosition` `SetConsoleTextAttribute` `WriteConsoleInputW` `CreateDirectoryW` `FlushFileBuffers` `GetDiskFreeSpaceW` `GetFileAttributesW` `GetFileInformationByHandle` `CreateEventW` `RtlCaptureContext` `GetFullPathNameW` `ReadFile` `RemoveDirectoryW` `SetFilePointerEx` `SetFileTime` `MapViewOfFile` `FlushViewOfFile` `UnmapViewOfFile` `CreateFileMappingA` `ReOpenFile` `CopyFileW` `MoveFileExW` `CreateHardLinkW` `GetFileInformationByHandleEx` `CreateSymbolicLinkW` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `TryEnterCriticalSection` `DeleteCriticalSection` `InitializeConditionVariable` `WakeConditionVariable` `WakeAllConditionVariable` `SleepConditionVariableCS` `ReleaseSemaphore` `ResumeThread` `GetNativeSystemInfo` `GetProcessAffinityMask` `SetThreadAffinityMask` `CreateSemaphoreA` `SetConsoleCtrlHandler` `GetCurrentDirectoryW` `GetLongPathNameW` `RtlUnwind` `CreateIoCompletionPort` `ReadDirectoryChangesW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `SetCurrentDirectoryW` `GetTempPathW` `GlobalMemoryStatusEx` `FileTimeToSystemTime` `K32GetProcessMemoryInfo` `SetHandleInformation` `CancelIoEx` `CancelIo` `SwitchToThread` `SetFileCompletionNotificationModes` `LoadLibraryExW` `SetErrorMode` `GetQueuedCompletionStatus` `ConnectNamedPipe` `SetNamedPipeHandleState` `PeekNamedPipe` `CreateNamedPipeW` `CancelSynchronousIo` `GetNamedPipeHandleStateA` `GetNamedPipeClientProcessId` `GetNamedPipeServerProcessId` `TerminateProcess` `GetExitCodeProcess` `UnregisterWaitEx` `LCMapStringW` `DebugBreak` `GetModuleHandleA` `LoadLibraryExA` `GetStartupInfoW` `GetModuleFileNameA` `GetVersionExA` `SetProcessAffinityMask` `GetComputerNameA` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `GetCPInfo` `RtlLookupFunctionEntry` `GetFinalPathNameByHandleW` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsProcessorFeaturePresent` `IsDebuggerPresent` `InitializeSListHead` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `SetStdHandle` `GetCommandLineA` `GetCommandLineW` `CreateThread` `ExitThread` `FreeLibraryAndExitThread` `GetDriveTypeW` `SystemTimeToTzSpecificLocalTime` `ExitProcess` `GetFileAttributesExW` `SetFileAttributesW` `GetConsoleOutputCP` `CompareStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `HeapReAlloc` `GetTimeZoneInformation` `HeapSize` `SetEndOfFile` `FindFirstFileExW` `IsValidCodePage` `GetOEMCP` `GetFileSizeEx` `GetShortPathNameW` `CompareStringEx` `LCMapStringEx` `InitializeCriticalSectionEx` `WaitForSingleObjectEx` `GetExitCodeThread` `SleepConditionVariableSRW` `EncodePointer` `DecodePointer`
USER32.dll	`GetLastInputInfo` `MessageBoxW` `GetProcessWindowStation` `TranslateMessage` `GetUserObjectInformationW` `ShowWindow` `DispatchMessageA` `GetSystemMetrics` `MapVirtualKeyW` `GetMessageA`
SHELL32.dll	`SHGetSpecialFolderPathA`
ole32.dll	`CoInitializeEx` `CoUninitialize` `CoCreateInstance`
ADVAPI32.dll	`SystemFunction036` `GetUserNameW` `ReportEventW` `RegisterEventSourceW` `DeregisterEventSource` `CryptEnumProvidersW` `CryptSignHashW` `CryptDestroyHash` `CryptCreateHash` `CryptDecrypt` `CryptExportKey` `CryptGetUserKey` `CryptGetProvParam` `CryptSetHashParam` `CryptDestroyKey` `CryptReleaseContext` `CryptAcquireContextW` `CreateServiceW` `QueryServiceStatus` `CloseServiceHandle` `OpenSCManagerW` `QueryServiceConfigA` `DeleteService` `ControlService` `StartServiceW` `OpenServiceW` `LookupPrivilegeValueW` `AdjustTokenPrivileges` `OpenProcessToken` `LsaOpenPolicy` `LsaAddAccountRights` `LsaClose` `GetTokenInformation`
bcrypt.dll	`BCryptGenRandom`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x18fb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.7747`
Detected Filetype	PNG graphic file
MD5	`d2b3b44dd5992d99b061cec9f87c5e3b`
SHA1	`694991076e6bd92f29800d5f4fd4b136e9583a03`
SHA256	`1027b3001f02a641e63f0f8890d8c241a96ad9f9b6f51ac18f1708e0b9b153e2`
SHA3	`c84de423b20694cbc70420994fbe7f3a35a08d016b3395b8cbde2c77c879cc83`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40543`
MD5	`b8fabacf5f0ce868656ac7a1d38c7c99`
SHA1	`b6606acde2048247eea72e376e881c110762f3a3`
SHA256	`a0f3071f0b83a634ed4ce4c9513459c20cb651b76a97390c112cab3534baee57`
SHA3	`6f68ae5035d443001b74f69e24e1ae300ba9eeffbee6927be87fe497e50c7620`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.625`
MD5	`eb9b079af4d212c926426686f24e516a`
SHA1	`e46240dde1276ab9c966f7ae8a9d2631233fdba5`
SHA256	`3df8c36345567387af16c3d1477e1407a61ecb28d680b44b152083bb0c88b09f`
SHA3	`af80475dd37ad25cf7bc336dc965938d8ffc5ad4c0477e35a8de467ddfb07456`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.18975`
MD5	`b7a4d623cebb6b0a4ac9304ff259c4b4`
SHA1	`0b6b0596e3045cc5ff32b9763b238e517b0f7a90`
SHA256	`af4e0f279de1ac32e008dc9adb0f03db2af65d30f044043c2b709d07a07c3bc5`
SHA3	`e4b7dc94f883aa2954b4de274dc5e17174429f7f54f753054dc2c06f4b27dc23`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.44608`
Detected Filetype	Icon file
MD5	`d65768d541826c7a1c119d43e59596d1`
SHA1	`0a2a316b114a65fea6ff0d72b57ca599f12048e8`
SHA256	`8ef1c9f7f7cb304bb3e6923d28c490bea97da88cf859e7270251d5dd2d74feb5`
SHA3	`e0d6d1c769aea7fa43792fff1f89c147e2668f3df5c4945c37641b221ee8107a`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x28c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39363`
MD5	`6af7e9891bd35a33015e8a7cb018be03`
SHA1	`c282d2a674275df8331521370c38638b707b5d86`
SHA256	`5694b2031dca78866043febf4ed4a1a0eade0a53121378512625c40a368816fe`
SHA3	`75c3428730a8bfe0ba6f5c33804ad96bb200831d6c8cd61b7de3560609bf6f61`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.21.2.0
ProductVersion	6.21.2.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	www.xmrig.com
FileDescription	XMRig miner
FileVersion (#2)	6.21.2
LegalCopyright	Copyright (C) 2016-2024 xmrig.com
OriginalFilename	xmrig.exe
ProductName	XMRig
ProductVersion (#2)	6.21.2

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Mar-23 06:41:23
Version	`0.0`
SizeofData	`1176`
AddressOfRawData	`0x58f0b4`
PointerToRawData	`0x58e4b4`

TLS Callbacks

StartAddressOfRawData	`0x14058f570`
EndAddressOfRawData	`0x14058f598`
AddressOfIndex	`0x14085e4b4`
AddressOfCallbacks	`0x14041bdf8`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x00000001403DF81C`

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1405c8118`

RICH Header

XOR Key	`0x79ee7c47`
Unmarked objects	`0`
ASM objects (30795)	`12`
C++ objects (30795)	`204`
C objects (30034)	`19`
ASM objects (30034)	`10`
C++ objects (30034)	`95`
C objects (30795)	`25`
Total imports	`390`
Imports (30795)	`23`
C objects (30154)	`818`
C++ objects (LTCG) (30154)	`264`
ASM objects (30154)	`3`
Resource objects (30154)	`1`
151	`1`
Linker (30154)	`1`

4bd2631adfe4a256a72614c3f0d1aced

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

_RANDOMX

_TEXT_CN

_TEXT_CN (#2)

_RDATA

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

101

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors