Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_AMD64 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2024-Mar-23 06:41:23 |
Detected languages | English - United States |
TLS Callbacks | 1 callback(s) detected. |
CompanyName | www.xmrig.com |
FileDescription | XMRig miner |
FileVersion | 6.21.2 |
LegalCopyright | Copyright (C) 2016-2024 xmrig.com |
OriginalFilename | xmrig.exe |
ProductName | XMRig |
ProductVersion | 6.21.2 |
Suspicious | Strings found in the binary may indicate undesirable behavior: contains references to mining pools: |
Info | Cryptographic algorithms detected in the binary: uses constants related to MD5, SHA1, SHA256, SHA512, AES, Blowfish and base58; uses known Diffie-Hellman primes; uses known Mersenne Twister constants; Microsoft's Cryptography API |
Suspicious | The PE is possibly packed. Unusual section name found: _RANDOMX; unusual section name found: _TEXT_CN; unusual section name found: _TEXT_CN |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 49/72 (scanned on 2024-03-27 09:34:37); per-engine detections are listed in the following table |

VirusTotal engine | Detection |
---|---|
ALYac | Gen:Variant.Application.Miner.2 |
APEX | Malicious |
AVG | Win64:MiscX-gen [PUP] |
AhnLab-V3 | Win-Trojan/Miner3.Exp |
Alibaba | Trojan:Win32/Coinminer.449 |
Antiy-AVL | GrayWare/Win64.CoinMiner.po |
Arcabit | Trojan.Application.Miner.2 |
Avast | Win64:MiscX-gen [PUP] |
Avira | PUA/CoinMiner.Gen |
BitDefender | Gen:Variant.Application.Miner.2 |
ClamAV | Win.Coinminer.Generic-7151250-0 |
CrowdStrike | win/grayware_confidence_90% (W) |
Cybereason | malicious.adfe4a |
Cylance | unsafe |
Cynet | Malicious (score: 100) |
DeepInstinct | MALICIOUS |
ESET-NOD32 | a variant of Win64/CoinMiner.IZ potentially unwanted |
Elastic | malicious (high confidence) |
Emsisoft | Gen:Variant.Application.Miner.2 (B) |
F-Secure | PotentialRisk.PUA/CoinMiner.Gen |
FireEye | Generic.mg.4bd2631adfe4a256 |
Fortinet | Riskware/CoinMiner |
GData | Win64.Application.Coinminer.CP |
Google | Detected |
Gridinsoft | Risk.Win64.CoinMiner.sd!i |
Ikarus | PUA.CoinMiner |
Jiangmin | RiskTool.BitMiner.conc |
K7AntiVirus | Trojan ( 005697011 ) |
K7GW | Trojan ( 005697011 ) |
Kaspersky | not-a-virus:UDS:RiskTool.Win32.BitMiner.gen |
Lionic | Trojan.Win32.Miner.tstT |
MAX | malware (ai score=74) |
Malwarebytes | Neshta.Virus.FileInfector.DDS |
MaxSecure | Trojan.Malware.121218.susgen |
McAfee | Artemis!4BD2631ADFE4 |
MicroWorld-eScan | Gen:Variant.Application.Miner.2 |
Panda | PUP/CoinMiner |
Rising | HackTool.XMRMiner!1.C2EC (CLASSIC) |
Sangfor | Trojan.Win64.XMR.Miner |
SentinelOne | Static AI - Malicious PE |
Skyhigh | BehavesLike.Win64.CoinMiner.vh |
Sophos | XMRig Miner (PUA) |
Symantec | ML.Attribute.HighConfidence |
Tencent | Malware.Win32.Gencirc.11be0743 |
TrendMicro-HouseCall | TROJ_GEN.R002H0CCN24 |
VIPRE | Gen:Variant.Application.Miner.2 |
Varist | W64/Coinminer.BN.gen!Eldorado |
ZoneAlarm | not-a-virus:UDS:RiskTool.Win32.BitMiner.gen |
alibabacloud | Miner:Win/CoinMiner.A |

DOS header field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x120 |

PE header field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 10 |
TimeDateStamp | 2024-Mar-23 06:41:23 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |

Optional header field | Value |
---|---|
Magic | PE32+ |
LinkerVersion | 14.0 |
SizeOfCode | 0x41a000 |
SizeOfInitializedData | 0x496000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00000000003DFAF4 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x8b6000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

Imported DLL | Imported functions |
---|---|
WS2_32.dll | WSASetLastError, send, recv, ntohs, htons, htonl, inet_addr, inet_ntoa, gethostbyaddr, WSAGetLastError, WSAIoctl, gethostbyname, WSARecvFrom, WSASocketW, WSASend, WSARecv, gethostname, WSADuplicateSocketW, getpeername, FreeAddrInfoW, GetAddrInfoW, shutdown, socket, setsockopt, listen, connect, closesocket, bind, WSACleanup, WSAStartup, select, getsockopt, getsockname, ioctlsocket, getservbyname, getservbyport |
IPHLPAPI.DLL | GetAdaptersAddresses |
USERENV.dll | GetUserProfileDirectoryW |
CRYPT32.dll | CertFreeCertificateContext, CertFindCertificateInStore, CertEnumCertificatesInStore, CertCloseStore, CertOpenStore, CertGetCertificateContextProperty, CertDuplicateCertificateContext |
KERNEL32.dll | GetStringTypeW, InitializeCriticalSectionAndSpinCount, WriteConsoleW, SetConsoleTitleA, GetStdHandle, SetConsoleMode, GetConsoleMode, QueryPerformanceFrequency, QueryPerformanceCounter, SizeofResource, LockResource, LoadResource, FindResourceW, ExpandEnvironmentStringsA, GetConsoleWindow, GetSystemFirmwareTable, HeapFree, HeapAlloc, GetProcessHeap, MultiByteToWideChar, SetPriorityClass, GetCurrentProcess, SetThreadPriority, GetSystemPowerStatus, GetCurrentThread, GetProcAddress, GetModuleHandleW, GetTickCount, CloseHandle, FreeConsole, VirtualProtect, VirtualFree, VirtualAlloc, GetLargePageMinimum, LocalAlloc, GetLastError, LocalFree, FlushInstructionCache, GetCurrentThreadId, AddVectoredExceptionHandler, DeviceIoControl, GetModuleFileNameW, CreateFileW, SetLastError, GetSystemTime, SystemTimeToFileTime, GetModuleHandleExW, Sleep, InitializeSRWLock, ReleaseSRWLockExclusive, ReleaseSRWLockShared, AcquireSRWLockExclusive, AcquireSRWLockShared, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemInfo, SwitchToFiber, DeleteFiber, CreateFiberEx, FindClose, FindFirstFileW, FindNextFileW, WideCharToMultiByte, GetSystemDirectoryA, FreeLibrary, LoadLibraryA, FormatMessageA, GetFileType, WriteFile, GetEnvironmentVariableW, GetACP, ConvertFiberToThread, ConvertThreadToFiberEx, GetCurrentProcessId, GetSystemTimeAsFileTime, LoadLibraryW, ReadConsoleA, ReadConsoleW, PostQueuedCompletionStatus, CreateFileA, DuplicateHandle, SetEvent, ResetEvent, WaitForSingleObject, CreateEventA, QueueUserWorkItem, RegisterWaitForSingleObject, UnregisterWait, GetNumberOfConsoleInputEvents, ReadConsoleInputW, FillConsoleOutputCharacterW, FillConsoleOutputAttribute, GetConsoleCursorInfo, SetConsoleCursorInfo, GetConsoleScreenBufferInfo, SetConsoleCursorPosition, SetConsoleTextAttribute, WriteConsoleInputW, CreateDirectoryW, FlushFileBuffers, GetDiskFreeSpaceW, GetFileAttributesW, GetFileInformationByHandle, CreateEventW, RtlCaptureContext, GetFullPathNameW, ReadFile, RemoveDirectoryW, SetFilePointerEx, SetFileTime, MapViewOfFile, FlushViewOfFile, UnmapViewOfFile, CreateFileMappingA, ReOpenFile, CopyFileW, MoveFileExW, CreateHardLinkW, GetFileInformationByHandleEx, CreateSymbolicLinkW, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, TryEnterCriticalSection, DeleteCriticalSection, InitializeConditionVariable, WakeConditionVariable, WakeAllConditionVariable, SleepConditionVariableCS, ReleaseSemaphore, ResumeThread, GetNativeSystemInfo, GetProcessAffinityMask, SetThreadAffinityMask, CreateSemaphoreA, SetConsoleCtrlHandler, GetCurrentDirectoryW, GetLongPathNameW, RtlUnwind, CreateIoCompletionPort, ReadDirectoryChangesW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetCurrentDirectoryW, GetTempPathW, GlobalMemoryStatusEx, FileTimeToSystemTime, K32GetProcessMemoryInfo, SetHandleInformation, CancelIoEx, CancelIo, SwitchToThread, SetFileCompletionNotificationModes, LoadLibraryExW, SetErrorMode, GetQueuedCompletionStatus, ConnectNamedPipe, SetNamedPipeHandleState, PeekNamedPipe, CreateNamedPipeW, CancelSynchronousIo, GetNamedPipeHandleStateA, GetNamedPipeClientProcessId, GetNamedPipeServerProcessId, TerminateProcess, GetExitCodeProcess, UnregisterWaitEx, LCMapStringW, DebugBreak, GetModuleHandleA, LoadLibraryExA, GetStartupInfoW, GetModuleFileNameA, GetVersionExA, SetProcessAffinityMask, GetComputerNameA, FlsFree, FlsSetValue, FlsGetValue, FlsAlloc, GetCPInfo, RtlLookupFunctionEntry, GetFinalPathNameByHandleW, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, IsDebuggerPresent, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, RaiseException, SetStdHandle, GetCommandLineA, GetCommandLineW, CreateThread, ExitThread, FreeLibraryAndExitThread, GetDriveTypeW, SystemTimeToTzSpecificLocalTime, ExitProcess, GetFileAttributesExW, SetFileAttributesW, GetConsoleOutputCP, CompareStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, HeapReAlloc, GetTimeZoneInformation, HeapSize, SetEndOfFile, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetFileSizeEx, GetShortPathNameW, CompareStringEx, LCMapStringEx, InitializeCriticalSectionEx, WaitForSingleObjectEx, GetExitCodeThread, SleepConditionVariableSRW, EncodePointer, DecodePointer |
USER32.dll | GetLastInputInfo, MessageBoxW, GetProcessWindowStation, TranslateMessage, GetUserObjectInformationW, ShowWindow, DispatchMessageA, GetSystemMetrics, MapVirtualKeyW, GetMessageA |
SHELL32.dll | SHGetSpecialFolderPathA |
ole32.dll | CoInitializeEx, CoUninitialize, CoCreateInstance |
ADVAPI32.dll | SystemFunction036, GetUserNameW, ReportEventW, RegisterEventSourceW, DeregisterEventSource, CryptEnumProvidersW, CryptSignHashW, CryptDestroyHash, CryptCreateHash, CryptDecrypt, CryptExportKey, CryptGetUserKey, CryptGetProvParam, CryptSetHashParam, CryptDestroyKey, CryptReleaseContext, CryptAcquireContextW, CreateServiceW, QueryServiceStatus, CloseServiceHandle, OpenSCManagerW, QueryServiceConfigA, DeleteService, ControlService, StartServiceW, OpenServiceW, LookupPrivilegeValueW, AdjustTokenPrivileges, OpenProcessToken, LsaOpenPolicy, LsaAddAccountRights, LsaClose, GetTokenInformation |
bcrypt.dll | BCryptGenRandom |

Version info field | Value |
---|---|
Signature | 0xfeef04bd |
StructVersion | 0x10000 |
FileVersion | 6.21.2.0 |
ProductVersion | 6.21.2.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | UNKNOWN |
CompanyName | www.xmrig.com |
FileDescription | XMRig miner |
FileVersion (#2) | 6.21.2 |
LegalCopyright | Copyright (C) 2016-2024 xmrig.com |
OriginalFilename | xmrig.exe |
ProductName | XMRig |
ProductVersion (#2) | 6.21.2 |
Resource LangID | English - United States |

Debug directory field | Value |
---|---|
Characteristics | 0 |
TimeDateStamp | 2024-Mar-23 06:41:23 |
Version | 0.0 |
SizeofData | 1176 |
AddressOfRawData | 0x58f0b4 |
PointerToRawData | 0x58e4b4 |

TLS directory field | Value |
---|---|
StartAddressOfRawData | 0x14058f570 |
EndAddressOfRawData | 0x14058f598 |
AddressOfIndex | 0x14085e4b4 |
AddressOfCallbacks | 0x14041bdf8 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_8BYTES |
Callbacks | 0x00000001403DF81C |

Load configuration field | Value |
---|---|
Size | 0x138 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x1405c8118 |

Rich header entry | Value |
---|---|
XOR Key | 0x79ee7c47 |
Unmarked objects | 0 |
ASM objects (30795) | 12 |
C++ objects (30795) | 204 |
C objects (30034) | 19 |
ASM objects (30034) | 10 |
C++ objects (30034) | 95 |
C objects (30795) | 25 |
Total imports | 390 |
Imports (30795) | 23 |
C objects (30154) | 818 |
C++ objects (LTCG) (30154) | 264 |
ASM objects (30154) | 3 |
Resource objects (30154) | 1 |
151 | 1 |
Linker (30154) | 1 |