Behavioral task: behavioral1
Sample: HEUR-Trojan.MSIL.DOTHETUK.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: HEUR-Trojan.MSIL.DOTHETUK.exe
Resource: win10v2004-20221111-en
General
Target: HEUR-Trojan.MSIL.DOTHETUK.gen-20d023d654dba4e16ec122b6339633eea418652a30d599a8c4a9bc3698d26b46
Size: 41KB
MD5: 2ae3a0c040d6570d55d82d06f3d31584
SHA1: e69f8b020a5ea66426f00458c535b2f0ce336329
SHA256: 20d023d654dba4e16ec122b6339633eea418652a30d599a8c4a9bc3698d26b46
SHA512: d87b5cd1c1e9c5c7c1a188f3abceba227035e1b2a8ceba7861e0d5f415868c21d75db5af9808d396a50c5e13e9a42534bd5630caa6869a3d658a2982db24d48d
SSDEEP: 768:eOQvBUsvIsEaxV0h/L9/1rsQhLOSyoZV65:eXlAbCGL9/x1OSZZV65
Malware Config
Extracted
xworm
PNfnJNqXASy2Le3d
install_file: USB.exe
pastebin_url: https://pastebin.com/raw/2L3vs8UY
Signatures
Xworm family
Files
HEUR-Trojan.MSIL.DOTHETUK.gen-20d023d654dba4e16ec122b6339633eea418652a30d599a8c4a9bc3698d26b46.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ