a198b777e1edc475091c9fb0d4ecc530

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2020-Jul-27 03:03:23
Detected languages English - United States
TLS Callbacks 1 callback(s) detected.
OriginalFilename xmrig.exe

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior:
Looks for VMWare presence:
  • vmtools
Contains references to mining pools:
  • stratum+tcp://
Contains domain names:
  • donate.ssl.xmrig.com
  • donate.v2.xmrig.com
  • https://xmrig.com
  • nicehash.com
  • ssl.xmrig.com
  • v2.xmrig.com
  • xmrig.com
Info Cryptographic algorithms detected in the binary:
Uses constants related to MD5
Uses constants related to SHA1
Uses constants related to SHA256
Uses constants related to SHA512
Uses constants related to AES
Uses constants related to Blowfish
Uses known Diffie-Hellman primes
Microsoft's Cryptography API
Suspicious The PE is possibly packed.
Unusual section name found: _TEXT_ad
Unusual section name found: _RANDOMX
Unusual section name found: _SHA3_25
Unusual section name found: _TEXT_CN
Unusual section name found: _TEXT_CN
Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryW
  • LoadLibraryExW
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
  • NtQuerySystemInformation
Can access the registry:
  • RegCreateKeyA
  • RegSetValueA
  • RegQueryValueExA
  • RegSetValueExA
  • RegOpenKeyExA
Uses Microsoft's cryptographic API:
  • CryptAcquireContextA
  • CryptGenRandom
  • CryptEnumProvidersW
  • CryptSignHashW
  • CryptDestroyHash
  • CryptCreateHash
  • CryptDecrypt
  • CryptExportKey
  • CryptGetUserKey
  • CryptGetProvParam
  • CryptSetHashParam
  • CryptDestroyKey
  • CryptReleaseContext
  • CryptAcquireContextW
Can create temporary files:
  • CreateFileW
  • CreateFileA
  • GetTempPathW
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Has Internet access capabilities:
  • URLDownloadToFileA
Leverages the raw socket API to access the Internet:
  • #111
  • #19
  • #16
  • #112
  • #15
  • WSASend
  • #10
  • #18
  • WSARecvFrom
  • WSAIoctl
  • #9
  • #22
  • WSASocketW
  • #5
  • WSARecv
  • FreeAddrInfoW
  • GetAddrInfoW
  • #57
  • #8
  • #23
  • #21
  • #13
  • #3
  • #2
  • #116
  • #115
  • #7
  • #6
Functions related to the privilege level:
  • AdjustTokenPrivileges
  • OpenProcessToken
Interacts with services:
  • CreateServiceW
  • QueryServiceStatus
  • OpenSCManagerW
  • QueryServiceConfigA
  • DeleteService
  • ControlService
  • OpenServiceW
Enumerates local disk drives:
  • GetDriveTypeW
Interacts with the certificate store:
  • CertOpenStore
Malicious VirusTotal score: 23/71 (Scanned on 2020-08-01 02:46:57)
MicroWorld-eScan: Gen:Variant.Razy.704958
ESET-NOD32: a variant of Win64/CoinMiner.QG potentially unwanted
APEX: Malicious
ClamAV: Win.Coinminer.Generic-7151250-0
Kaspersky: not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen
BitDefender: Gen:Variant.Razy.704958
Ad-Aware: Gen:Variant.Razy.704958
Sophos: XMRig Miner (PUA)
Invincea: heuristic
FireEye: Generic.mg.a198b777e1edc475
Emsisoft: Gen:Variant.Razy.704958 (B)
SentinelOne: DFI - Suspicious PE
Endgame: malicious (high confidence)
Arcabit: Trojan.Razy.DAC1BE
ZoneAlarm: not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen
GData: Gen:Variant.Razy.704958
AhnLab-V3: Win-Trojan/Miner3.Exp
ALYac: Gen:Variant.Razy.704958
MAX: malware (ai score=81)
Rising: HackTool.CoinMiner!1.B971 (CLASSIC)
Ikarus: PUA.CoinMiner
Cybereason: malicious.c09ad5
Qihoo-360: Win32/Virus.RiskTool.435

Hashes

MD5 a198b777e1edc475091c9fb0d4ecc530
SHA1 4aef070c09ad5051dd1020bc3367fff3e6b8f2c8
SHA256 527dd3087575373c9c2843dd001daf6ed71d440f0f17703880f4a9b9b253c427
SHA3 add9fc1fb9b4411edb3624237fbbb3a8e20e3c5bfc97f3e8e57433c30363ed02
SSDeep 98304:UNdlxxZQOViIsP12huuM61naf13xuBm2+b:UNdlK12huuM61nk134Qlb
Imports Hash 1d55f3512860814d73a9004d976e8a82

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x120

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 11
TimeDateStamp 2020-Jul-27 03:03:23
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x2ed600
SizeOfInitializedData 0x4a1400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000029DDE4 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x795000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 7b04651b843a1a59a67037e317f8e035
SHA1 60d60f98fb2e5c0d9fd206b70816e6e4e8373b76
SHA256 9f8752fdd01f71a2b007d2d6254f2f18307e6eb7c50deb6772edc0b4eb657dd0
SHA3 48838c94af76d8c205b921c15970c55361a0b005fffbe0ceed25a1fa1986f91c
VirtualSize 0x2ed420
VirtualAddress 0x1000
SizeOfRawData 0x2ed600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.50391

.rdata

MD5 ecf61421fb1037ed2b832e09a1a58080
SHA1 059c6aa4c87f24e50fef89c1109610fb54d6b27c
SHA256 8e925cc2ed2ffa2303d084903b0db93c0c01b92910e226328897fe86ec8cf437
SHA3 d2fb9d27750674274a7dc3be6fec52d0a8e304e99d348c1378555d4101de5721
VirtualSize 0x1346bc
VirtualAddress 0x2ef000
SizeOfRawData 0x134800
PointerToRawData 0x2eda00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.90846

.data

MD5 36bc1caaa650a8facdbb90e17fccd002
SHA1 34bdb674d563f5bd3f58a50c41c9d88d0467a978
SHA256 a8bb561f454615fada46b159d4a0ec0a0d8976d6cb2794a80893b4f86a5a2bd2
SHA3 ae11128aaa8f1f63c7a46621e8ae3eefe8d44892c5fea612a948ec2f40c1b386
VirtualSize 0x333da0
VirtualAddress 0x424000
SizeOfRawData 0x12200
PointerToRawData 0x422200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.97091

.pdata

MD5 73ff48ddc5ccf1b4cf9e11bb39729f3e
SHA1 ff069044025667d0de5ab4447c85ccb2481c85ef
SHA256 01d4cae0b59d40b572e5ddea4126b9d552c40e1f477073f120d1ce5e1d002ffa
SHA3 c24c425524ee30649b3aa7e6c83fce0ca78da47638012c7bb232353dd439a98d
VirtualSize 0x1ef3c
VirtualAddress 0x758000
SizeOfRawData 0x1f000
PointerToRawData 0x434400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.29379

_TEXT_ad

MD5 4667155b067cd73d2bce93370909a00c
SHA1 876977179e2432dd092d433e720c5644cf4b4efb
SHA256 f15a5b6ff92b1e600b5c472e4bffa1032ece0e5e3aed2146b934b0eb62fea296
SHA3 2bf4d3282681ac60ba372aeaee59247ffb56f4d63187f88d2ed2d2d9a5493b64
VirtualSize 0x7
VirtualAddress 0x777000
SizeOfRawData 0x200
PointerToRawData 0x453400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 0.0611629

_RANDOMX

MD5 b182bf6976fc56dcc30743b1e5cbdaae
SHA1 e2c8b45a787b045df40500ebdf6ee547a5f7b889
SHA256 a4b0f5a526f50645ed35b54605f84546829c014dd61d948279dfc9a8510342a5
SHA3 14f9f11d271d5c82b7eab95e6dd20f5602983ac54eecf5120f6834191aa3d044
VirtualSize 0x656
VirtualAddress 0x778000
SizeOfRawData 0x800
PointerToRawData 0x453600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.18245

_SHA3_25

MD5 c14f9aad5e95192cd7523ba6675549fd
SHA1 1e0ed87b288785d031216f9fef8a038f36a823a3
SHA256 14475aa8e267606c3afb755028927daf9be4fa79973b697cde8e21f58daa6e83
SHA3 b1b3a5331b9a021a8793cb08d7282927880f6e8bde2e9553515265539504ff7f
VirtualSize 0x940
VirtualAddress 0x779000
SizeOfRawData 0xa00
PointerToRawData 0x453e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 4.58316

_TEXT_CN

MD5 6a7f77e47f77f65bef85036ae5a71106
SHA1 317201314b5f3e12f88eacef2a87bc8dad03a6ed
SHA256 7682a937b3193b26b97f1f56a631fdee93289b69ecfefc926a95ebd8b8a38732
SHA3 a6e8b6125874204173800836305d18a11d4f0461c9059d7897081fd324592a8a
VirtualSize 0x18ce
VirtualAddress 0x77a000
SizeOfRawData 0x1a00
PointerToRawData 0x454800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.00097

_TEXT_CN (#2)

MD5 409bf3f918f2402291cb56c2e9354b47
SHA1 4992a8b9c3e33a7f8659bd20066f907134f7c337
SHA256 97edf367117028c754aed0c10748bfa55d73a87af588af16d5b24610e1652b08
SHA3 a8379e211aa90421ff01b9567092fde1be282d339ea986b42067baed4539be96
VirtualSize 0x1184
VirtualAddress 0x77c000
SizeOfRawData 0x1200
PointerToRawData 0x456200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.04792

.rsrc

MD5 d9efeb941a667e647eb293eef37e2266
SHA1 156c7b4d51762cc90852ab6ce3439d446dc0e1f4
SHA256 d323e1214d83c83f99de9084673e77d51eed5e891226fe4ace799fc2d7589805
SHA3 8bb3fdec37432950cca10b60108ef7d28c808b3e38712531eeac12e7e9a3cb46
VirtualSize 0xd6d8
VirtualAddress 0x77e000
SizeOfRawData 0xd800
PointerToRawData 0x457400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.73577

.reloc

MD5 997a40d4b51f05627f8ef6678536d6e6
SHA1 cd82c00c686bc2efb563345d5f00c74932592057
SHA256 d07ec8abaec234b22ab66422cfeaba8545a962f41afcfd6bf830df9b574a0a1b
SHA3 c7dc89a32c17dfa08991c470885528525f5c0bf2f9daf92bd967d0fd5458b56a
VirtualSize 0x8558
VirtualAddress 0x78c000
SizeOfRawData 0x8600
PointerToRawData 0x464c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.45254
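
The "possibly packed" verdict above rests only on the section names. The section headers listed here let a reader check the structural signs of packing directly: whether any executable section is high-entropy, writable, or has no raw data (code materialised at load time), and whether the entry point and the TLS callback actually land in a code section. The script below is an added example, not Manalyzer's code. The section values are transcribed from this report; the entropy threshold and the set of "standard" section names are the editor's assumptions.

```python
"""Sanity checks on the section table, entry point and TLS callback listed in
this report.  Added example (not Manalyzer's code): section values are
transcribed from the report; the thresholds and STANDARD_NAMES are assumptions."""
from dataclasses import dataclass

# IMAGE_SCN_* characteristics flags from winnt.h
CODE, IDATA = 0x00000020, 0x00000040
DISCARD, EXEC, READ, WRITE = 0x02000000, 0x20000000, 0x40000000, 0x80000000


@dataclass(frozen=True)
class Section:
    name: str
    va: int          # VirtualAddress (RVA)
    vsize: int       # VirtualSize
    rawsize: int     # SizeOfRawData
    flags: int       # Characteristics
    entropy: float   # as reported, bits per byte (0..8)


# Transcribed from the section headers in this report.
SECTIONS = [
    Section(".text",    0x1000,   0x2ED420, 0x2ED600, CODE | EXEC | READ,     6.50391),
    Section(".rdata",   0x2EF000, 0x1346BC, 0x134800, IDATA | READ,           5.90846),
    Section(".data",    0x424000, 0x333DA0, 0x12200,  IDATA | READ | WRITE,   3.97091),
    Section(".pdata",   0x758000, 0x1EF3C,  0x1F000,  IDATA | READ,           6.29379),
    Section("_TEXT_ad", 0x777000, 0x7,      0x200,    IDATA | EXEC | READ,    0.0611629),
    Section("_RANDOMX", 0x778000, 0x656,    0x800,    IDATA | EXEC | READ,    5.18245),
    Section("_SHA3_25", 0x779000, 0x940,    0xA00,    IDATA | EXEC | READ,    4.58316),
    Section("_TEXT_CN", 0x77A000, 0x18CE,   0x1A00,   IDATA | EXEC | READ,    6.00097),
    Section("_TEXT_CN", 0x77C000, 0x1184,   0x1200,   IDATA | EXEC | READ,    6.04792),
    Section(".rsrc",    0x77E000, 0xD6D8,   0xD800,   IDATA | READ,           3.73577),
    Section(".reloc",   0x78C000, 0x8558,   0x8600,   IDATA | DISCARD | READ, 5.45254),
]
IMAGE_BASE = 0x140000000        # ImageBase from the optional header
ENTRY_POINT_RVA = 0x29DDE4      # AddressOfEntryPoint
TLS_CALLBACK_VA = 0x14029DB34   # the single TLS callback listed below

# Editor's assumptions: names an MSVC-linked image normally carries, and the
# entropy above which an executable section is usually compressed or encrypted.
STANDARD_NAMES = {".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc",
                  ".idata", ".edata", ".tls", ".bss", ".xdata", ".gfids", ".00cfg"}
PACKED_ENTROPY = 7.2


def section_for_rva(rva, sections=SECTIONS):
    """Return the section whose in-memory range covers `rva`, or None."""
    for s in sections:
        if s.va <= rva < s.va + max(s.vsize, s.rawsize):
            return s
    return None


def packer_indicators(sections=SECTIONS):
    """(name, rva, reason) triples.  Every reason except 'name' is structural
    evidence of a packer or loader stub; 'name' alone is only a naming oddity."""
    hits = []
    for s in sections:
        executable = bool(s.flags & EXEC)
        if executable and s.entropy >= PACKED_ENTROPY:
            hits.append((s.name, s.va, "high-entropy code"))
        if executable and s.flags & WRITE:
            hits.append((s.name, s.va, "writable+executable"))
        if executable and s.rawsize == 0 and s.vsize > 0:
            hits.append((s.name, s.va, "code materialised at runtime"))
        if s.name not in STANDARD_NAMES:
            hits.append((s.name, s.va, "name"))
    return hits


def summarize(sections=SECTIONS):
    ep = section_for_rva(ENTRY_POINT_RVA, sections)
    tls = section_for_rva(TLS_CALLBACK_VA - IMAGE_BASE, sections)
    hits = packer_indicators(sections)
    structural = [h for h in hits if h[2] != "name"]
    if not (ep and ep.flags & CODE):
        structural.append((ep.name if ep else "?", ENTRY_POINT_RVA,
                           "entry point outside a code section"))
    return {
        "entry_section": ep.name if ep else None,
        "tls_section": tls.name if tls else None,
        "indicators": hits,
        "verdict": "packer-like" if structural else "unusual names only",
    }


if __name__ == "__main__":
    r = summarize()
    print(f"entry point in {r['entry_section']}, TLS callback in {r['tls_section']}")
    for name, rva, why in r["indicators"]:
        print(f"  {name:<9} @ {rva:#x}: {why}")
    print("verdict:", r["verdict"])
```

On this report's numbers the only hits are the five name hits: no executable section reaches packer-level entropy (the highest is .text at 6.5), none is both writable and executable, none has zero raw data, and both the entry point and the TLS callback resolve into .text. The large gap between .data's VirtualSize and SizeOfRawData is a zero-filled data tail, not code, so it is deliberately not flagged. A single callback in .text is also what a VS 2015/2017 CRT build typically registers; a callback resolving into one of the oddly named sections would be worth a closer look.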

Imports

WS2_32.dll #111
#19
#16
#112
#15
WSASend
#10
#18
WSARecvFrom
WSAIoctl
#9
#22
WSASocketW
#5
WSARecv
FreeAddrInfoW
GetAddrInfoW
#57
#8
#23
#21
#13
#3
#2
#116
#115
#7
#6
PSAPI.DLL GetProcessMemoryInfo
IPHLPAPI.DLL GetAdaptersAddresses
USERENV.dll GetUserProfileDirectoryW
CRYPT32.dll CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertCloseStore
CertFindCertificateInStore
CertOpenStore
KERNEL32.dll ExpandEnvironmentStringsA
GetModuleFileNameA
FindFirstFileA
GetCurrentProcess
FindNextFileA
GetEnvironmentVariableA
FindClose
GetFileAttributesA
CloseHandle
ExitProcess
MultiByteToWideChar
SetPriorityClass
SetThreadPriority
GetCurrentThread
GetProcAddress
GetModuleHandleW
FreeConsole
GetConsoleWindow
VirtualProtect
VirtualFree
VirtualAlloc
GetLargePageMinimum
LocalAlloc
GetLastError
LocalFree
FlushInstructionCache
DeviceIoControl
GetModuleFileNameW
CreateFileW
GetCurrentThreadId
AddVectoredExceptionHandler
SetLastError
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetFileType
WriteFile
ConvertFiberToThread
ConvertThreadToFiber
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryA
LoadLibraryW
GetEnvironmentVariableW
ReadConsoleA
ReadConsoleW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RegisterWaitForSingleObject
UnregisterWait
GetConsoleCursorInfo
DuplicateHandle
PostQueuedCompletionStatus
QueueUserWorkItem
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
CreateFileA
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
SetConsoleCursorPosition
VerifyVersionInfoA
SetEnvironmentVariableW
InitializeCriticalSection
GetTempPathW
GetVersionExW
FreeEnvironmentStringsW
LoadResource
FileTimeToSystemTime
QueryPerformanceFrequency
LockResource
GetSystemInfo
GetCurrentDirectoryW
SetCurrentDirectoryW
VerSetConditionMask
GlobalMemoryStatusEx
GetEnvironmentStringsW
CreateDirectoryW
ReadFile
GetFileInformationByHandleEx
GetFileSizeEx
GetDiskFreeSpaceW
RemoveDirectoryW
GetFinalPathNameByHandleW
SetFileTime
ReOpenFile
CreateHardLinkW
GetFileAttributesW
UnmapViewOfFile
GetFileInformationByHandle
FlushViewOfFile
SetFilePointerEx
CreateFileMappingA
MoveFileExW
CopyFileW
CreateSymbolicLinkW
MapViewOfFile
FlushFileBuffers
SetConsoleCtrlHandler
Sleep
GetLongPathNameW
RtlUnwind
ReadDirectoryChangesW
CreateIoCompletionPort
CancelIo
SetHandleInformation
CreateEventA
SetFileCompletionNotificationModes
FormatMessageA
LoadLibraryExW
SetErrorMode
GetQueuedCompletionStatus
GetQueuedCompletionStatusEx
SetNamedPipeHandleState
CreateNamedPipeW
PeekNamedPipe
WaitForSingleObject
CancelSynchronousIo
GetNamedPipeHandleStateA
CancelIoEx
SwitchToThread
ConnectNamedPipe
TerminateProcess
UnregisterWaitEx
LCMapStringW
GetExitCodeProcess
SleepConditionVariableCS
TryEnterCriticalSection
ReleaseSemaphore
WakeConditionVariable
InitializeConditionVariable
ResumeThread
SetEvent
GetNativeSystemInfo
CreateSemaphoreA
GetModuleHandleA
DebugBreak
GetStartupInfoW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
GetThreadTimes
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
SizeofResource
GetConsoleMode
SetConsoleMode
FreeLibraryAndExitThread
InterlockedPopEntrySList
FindResourceW
GetStdHandle
SetConsoleTitleA
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetCommandLineA
GetCommandLineW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
SetStdHandle
GetConsoleCP
GetFileAttributesExW
SetFileAttributesW
ExitThread
GetACP
HeapReAlloc
HeapFree
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
GetFullPathNameW
SetEndOfFile
GetTimeZoneInformation
FindFirstFileExA
IsValidCodePage
GetOEMCP
SetEnvironmentVariableA
GetProcessHeap
GetShortPathNameW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
GetStringTypeW
GetLocaleInfoW
CompareStringW
GetTickCount
CreateEventW
GetCPInfo
WaitForSingleObjectEx
GetExitCodeThread
EncodePointer
DecodePointer
USER32.dll TranslateMessage
DispatchMessageA
GetProcessWindowStation
ShowWindow
MessageBoxW
GetUserObjectInformationW
MapVirtualKeyW
GetSystemMetrics
GetMessageA
SHELL32.dll ShellExecuteExA
SHGetSpecialFolderPathA
ADVAPI32.dll CryptAcquireContextA
CryptGenRandom
GetUserNameW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
QueryServiceConfigA
DeleteService
ControlService
StartServiceW
OpenServiceW
LookupPrivilegeValueW
AdjustTokenPrivileges
LsaOpenPolicy
LsaAddAccountRights
LsaClose
RegCreateKeyA
RegSetValueA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
GetTokenInformation
urlmon.dll URLDownloadToFileA
ntdll.dll RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQuerySystemInformation
bcrypt.dll BCryptGenRandom
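
The WS2_32.dll entries above are imported by ordinal, which is why the plugin output lists them as "#111" and the like. Resolving those ordinals shows which Winsock calls the binary actually uses, and the same normalisation is what an import hash is built on. The script below is an added example, not Manalyzer's or pefile's code. The ordinal table is the editor's transcription of the well-known ws2_32.dll export ordering and covers only the ordinals that appear in this report; anything else stays "ordN". The import list is a subset transcribed from the Imports section, so the MD5 it produces is illustrative of the pefile-style algorithm (lowercase `lib.func`, comma-joined, MD5) and is not expected to match the "Imports Hash" above, which may use a different normalisation and covers all 365 imports.

```python
"""Resolve the WS2_32.dll ordinal imports in this report and compute a
pefile-style import hash.  Added example, not Manalyzer's or pefile's code.
WS2_32_ORDINALS and REPORT_IMPORTS are transcriptions by the editor."""
import hashlib

# Well-known ws2_32.dll export ordinals, limited to those this report lists.
WS2_32_ORDINALS = {
    2: "bind", 3: "closesocket", 5: "getpeername", 6: "getsockname",
    7: "getsockopt", 8: "htonl", 9: "htons", 10: "ioctlsocket", 13: "listen",
    15: "ntohs", 16: "recv", 18: "select", 19: "send", 21: "setsockopt",
    22: "shutdown", 23: "socket", 57: "gethostname", 111: "WSAGetLastError",
    112: "WSASetLastError", 115: "WSAStartup", 116: "WSACleanup",
}
ORDINAL_TABLES = {"ws2_32": WS2_32_ORDINALS}

# Subset transcribed from the report's Imports section; ints are ordinals.
REPORT_IMPORTS = [
    ("WS2_32.dll", [111, 19, 16, 112, 15, "WSASend", 10, 18, "WSARecvFrom",
                    "WSAIoctl", 9, 22, "WSASocketW", 5, "WSARecv",
                    "FreeAddrInfoW", "GetAddrInfoW", 57, 8, 23, 21, 13, 3, 2,
                    116, 115, 7, 6]),
    ("urlmon.dll", ["URLDownloadToFileA"]),
    ("ntdll.dll", ["RtlCaptureContext", "RtlLookupFunctionEntry",
                   "RtlVirtualUnwind", "NtQuerySystemInformation"]),
    ("bcrypt.dll", ["BCryptGenRandom"]),
]


def _libname(dll):
    """Lower-case module name without a .dll/.ocx/.sys extension."""
    lib = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if lib.endswith(ext):
            return lib[: -len(ext)]
    return lib


def resolve_import(dll, item):
    """'libname.funcname' in normalised form; unknown ordinals become ordN."""
    lib = _libname(dll)
    if isinstance(item, int):
        name = ORDINAL_TABLES.get(lib, {}).get(item, f"ord{item}")
    else:
        name = item
    return f"{lib}.{name}".lower()


def imphash(imports):
    """MD5 over the comma-joined normalised imports, kept in table order
    (order is part of the hash, so a re-sorted table hashes differently)."""
    entries = [resolve_import(dll, f) for dll, funcs in imports for f in funcs]
    return hashlib.md5(",".join(entries).encode()).hexdigest()


def resolved_ordinals(imports, dll="WS2_32.dll"):
    """Names the ordinal-only imports of `dll` resolve to, in original case."""
    table = ORDINAL_TABLES.get(_libname(dll), {})
    return sorted(table.get(f, f"ord{f}")
                  for d, funcs in imports if d.lower() == dll.lower()
                  for f in funcs if isinstance(f, int))


if __name__ == "__main__":
    print("WS2_32 ordinals resolve to:", ", ".join(resolved_ordinals(REPORT_IMPORTS)))
    print("imphash over the transcribed subset:", imphash(REPORT_IMPORTS))
```

The resolved set (bind, listen, socket, send, recv, select, setsockopt, WSAStartup, and so on) alongside the overlapped WSASend/WSARecv/WSAIoctl imports is an ordinary Winsock client stack, which is what the "raw socket API" line in the plugin output is reporting. When comparing import hashes across tools, confirm both sides resolve ws2_32 ordinals the same way: an "ord111" versus "wsagetlasterror" difference alone changes the digest.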

Delayed Imports

Resources

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xd228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.65512
MD5 8169bae42bb2b7aecb873df66d7f9ca2
SHA1 de971ed6fdf6d22089d49c5d870742866dde04df
SHA256 e611a23ac6de9ae8a81a698dc6f3ac55580ba7b6fe95b223bb906942df9a0176
SHA3 374e8d24f8c1bc7b888d214fcf1f06fb48717b3cb322f7ad2f56458b29dc1700

101

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.01924
Detected Filetype Icon file
MD5 95a748887c173a3d92a9213fac7fac78
SHA1 c560c9dcace07f0b0ca35cdb9461dc6d1b7533fe
SHA256 289d7eefbc7798905c91badc69da6071dddff63610b095041e83068b6da850fc
SHA3 0e2c994139555d21e74baabee761e026203b2d922c8653cad31a9e6705283248

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x1e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.15609
MD5 67b98aa9e253a75b1a58737fa24cbfe2
SHA1 689299c7c1a4734b4e488ebf3745dc5fd250bcfc
SHA256 d220d00b3cdcc3a49e1443c2fc6b45063b64188bf346cec511c0a08a6f71ad65
SHA3 c6a332003bbef71f7e1beda56a1fc30a79cc3d015df949e5e3e21d0a14aaac17

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 6.2.3.0
ProductVersion 6.2.3.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
OriginalFilename xmrig.exe
Resource LangID English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2020-Jul-27 03:03:23
Version 0.0
SizeofData 1208
AddressOfRawData 0x3f2ac4
PointerToRawData 0x3f14c4

TLS Callbacks

StartAddressOfRawData 0x1403f2fa0
EndAddressOfRawData 0x1403f2fbc
AddressOfIndex 0x1404394c8
AddressOfCallbacks 0x1402efdb0
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_8BYTES
Callbacks 0x000000014029DB34

Load Configuration

Size 0x100
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140429598

RICH Header

XOR Key 0x199b51cb
Unmarked objects 0
C objects (24610) 24
ASM objects (24610) 13
C++ objects (24610) 188
199 (41118) 4
ASM objects (VS 2015/2017 runtime 26706) 9
C++ objects (VS 2015/2017 runtime 26706) 128
C objects (VS 2015/2017 runtime 26706) 38
C objects (27042) 16
Imports (24610) 25
Total imports 365
C objects (VS2017 v15.9.14-15 compiler 27032) 564
265 (27042) 256
ASM objects (27042) 5
Resource objects (27042) 1
151 1
Linker (27042) 1

Errors