| 文件名 | xmrig.exe |
| 文件类型 |
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
| 扫描器版本 | 1.0.169.174 |
| 数据库版本 | 2024-03-17 12:00:22 UTC |
恶意软件家族: CoinMiner
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
1bef8e8b12a404ab83d07fbce2d1dc7d
|
|
| SHA1 |
44804f411b350d651878ab3d9bb576ae38e6db3f
|
|
| SHA256 |
4fdfcfd9a7aa5e9a9be2c2d3b621655030bbb0afa0d5feba1213aac73ff4fd32
|
|
| SHA512 |
84796861590e05508042131ea0cc51e46b5e980550550e87dc7578e569d585b2b439708e2546a29fd8e5b79b1a254fd380edfddaddc09e4ed31b169278772bab
|
|
| ImpHash |
b0ae45c93fc1e0883b4a246b7b4b4400
|
| 图标 |
哈希: e35ef5b40987be4a81b37bdb1b3a8730
模糊: 67b5702929aead99d08ec74265d272c5 dHash: e8f4b4d959d6a6f8 |
| 映像基址 | 0x140000000 |
| 入口点 | 0x1400013f0 |
| 编译时间 | 2024-03-17 10:21:41 |
| 校验和 | 0x007ff371 (实际: 0x007ff371) |
| 操作系统版本 | 4.0 |
| PEiD 签名 |
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
| 数字签名 | The PE file does not contain a certificate table. |
| 导入 |
10 库
ADVAPI32, CRYPT32, IPHLPAPI, KERNEL32, msvcrt, ole32, SHELL32, USER32, USERENV, WS2_32 |
| 导出 | 0 函数 |
| 资源 | 7 资源 |
| 节 | 11 节 |
| CompanyName | www.xmrig.com |
| FileDescription | XMRig miner |
| FileVersion | 6.21.1 |
| LegalCopyright | Copyright (C) 2016-2024 xmrig.com |
| OriginalFilename | xmrig.exe |
| ProductName | XMRig |
| ProductVersion | 6.21.1 |
| Translation | 0x0000 0x04b0 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
6,310,576 bytes | 6,310,912 bytes | 6.50 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
0FA0492BFC4B9E71C113FDF69217DF02 |
.data |
0x00606000 |
66,976 bytes | 67,072 bytes | 3.30 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
CBDC7A6623C297CC7DA9225F39B2CCC2 |
.rdata |
0x00617000 |
1,438,640 bytes | 1,438,720 bytes | 6.47 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
DE273C3A72D3894C3C60CBA247F74078 |
.pdata |
0x00777000 |
193,692 bytes | 194,048 bytes | 6.37 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
70327B5907774EC3314966F46C45C2B9 |
.xdata |
0x007a7000 |
245,632 bytes | 245,760 bytes | 5.01 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
CF8280D58228DA35DC79C62988A4C876 |
.bss |
0x007e3000 |
3,279,264 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.idata |
0x00b04000 |
18,016 bytes | 18,432 bytes | 4.61 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
42004E7EF9E0B840D80E269108252E1F |
.CRT |
0x00b09000 |
104 bytes | 512 bytes | 0.39 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
220326D919C491BA90D60BA888555E91 |
.tls |
0x00b0a000 |
16 bytes | 512 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
BF619EAC0CDF3F68D496EA9344137E8B |
.rsrc |
0x00b0b000 |
23,784 bytes | 23,784 bytes | 5.54 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
5478BB4240CE4721A2DFDF99CD576CA3 |
.reloc |
0x00b11000 |
36,512 bytes | 36,864 bytes | 5.45 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
7F256305D5EE12077779F879F3D7622E |
1 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 4 | 21,427 字节 | |
| RT_GROUP_ICON | 1 | 62 字节 | |
| RT_VERSION | 1 | 652 字节 | |
| RT_MANIFEST | 1 | 1,167 字节 |
此文件未进行数字签名。
⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。
The PE file does not contain a certificate table.
建议: 验证文件来源并确保它来自可信的发布者.
按照以下步骤完全从系统中移除威胁
