popup

Report - xmrig.exe

PE File PE64
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2025.03.08 12:32 Machine s1_win7_x6401
Filename xmrig.exe
Type PE32+ executable (console) x86-64, for MS Windows
AI Score
2
 Behavior Score
2.2
ZERO API file : malware
VT API (file) 34 detected (BitCoinMiner, Ghanarava, Unsafe, malicious, confidence, GenericKD, Attribute, HighConfidence, high confidence, Obsidium, A suspicious, RiskTool, osbs, score, Generic Reputation PUA, Detected, XMRig, Wacatac, ABTrojan, LICM, R693252, Probably Heur, ExeHeaderL, Miner, B9nj)
md5 4e3c42b8c1558d124457f36cd2870274
sha256 64cdeac3128adb283282bbaad30a84004bd8477c5434ea022955bc56f8266436
ssdeep 98304:bD6B9LOZRGejAnztRDWEnHMMEtGfey96JXFXKLTeMIrSxXDE4i:H6n410L3H5EtGL87XKLTetoDvi
imphash d8dd267fc5c9e085e2e28dce80e1d3bf
impfuzzy 3:oTEKCByz0JSx2AEMbW2JLAzVYCTBye/HQ:omw7EMb1LAzOCTweY
  Network IP location

Signature (5cnts)

Level Description
danger File has been identified by 34 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (2cnts)

Level Name Description Collection
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

advapi32.dll
 0x1407c8064 RegisterEventSourceW
kernel32.dll
 0x1407c8084 GetModuleHandleA
shell32.dll
 0x1407c80a4 SHGetDiskFreeSpaceA
user32.dll
 0x1407c80c4 RegisterClassExW

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure