minerxd.exe

First submission 2023-09-15 10:41:06

File details

File type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 5282.0 KB (5408768 bytes)
Compile time: 1970-01-01 01:00:00
MD5: 0e9cc5c2145bae2f6ab41f186dac87d1
SHA1: 3a495afddc1ed60ecc5c403a6e9dcdc53516ca35
SHA256: 0949ed19896c7add471a5caa7fd5018113d602921a185d911f0cbbadb0ce35c8
Import Hash: 0fdd3d21d2193b717f076a70dfaa659c
Sections: 11 (.text .data .rdata .pdata .xdata .bss .idata .CRT .tls .rsrc .reloc)
Directories: 4 (import resource tls relocation)
VirusTotal: 21/71 (VT report date: 2023-09-15 01:13:18)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://128.199.11.249/minerxd.exe 128.199.11.249 2023-09-15 10:41:06

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x6998 27136 431eb09899fb35692f1e9164f413858d15c5dae1 6b7b91c071d02753b48b73b175bfef7d
.data 0x8000 0x51df20 5365760 7d92af80f26dc6c3a34a8fa1c3efb80b2c30a8cb bd2c9d7fb4a179da00983a9a80c0c1a4
.rdata 0x526000 0x1c40 7680 7391290afa33325345514645a684542e09f45a06 299b7e3d6ff186ba0267a41fa421ca3d
.pdata 0x528000 0x5c4 1536 5a54f5bdea55e20b828a1aa08692c3dfaeba7bbb 293a905b77181d61e06d93b89da844fc
.xdata 0x529000 0x470 1536 e0cfa40225649d4fdd60b3e5890d358046a810de ebc8c7ccec69adebc99d0e8fe29f1427
.bss 0x52a000 0x1760 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x52c000 0x5e4 1536 54c4c2a1720edf800bffb96c49b4fc59200e7b2b 090e30796128a2b1b1aa604edf4098dd
.CRT 0x52d000 0x60 512 2fd079d5706c0b4134513d648912fee93293b2b3 75348dc9a185314e51f59664683a2ef9
.tls 0x52e000 0x10 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x52f000 0x380 1024 8efc0dddafb78db163b3107ac6fae318df7d2db0 3ac2b1cb4b3b37619342015aa4b974a4
.reloc 0x530000 0x78 512 f2cfa881ecaab8732f3c6acc64be28ca2cd15b74 73701076152699c1ca51da89a4a81723

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x52f058 805

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 1

GetLastError

Strings analysis - File found

Library
KERNEL32.dll
MSVCRT.dll

Import functions

Name Latest seen MD5
XCheck.exe 2023-09-09 08:47:06 4d922b11d1ef79b6d15ec66d4884ca32
iexpress.exe 2023-09-08 18:25:07 b1274bf2b05820cbdf8c404723cf0c54
iexpress.exe 2023-09-09 08:34:06 fe5be27304af34b481120a35486df496