xworm | LOADER[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

LOADER.exe
Size

64KB
MD5

9b71dce86f7f4d4875048e480602a8c5
SHA1

656890588989b4ebd92f991800cc84573b0e0ce3
SHA256

4c49562e83b7c3563dbb48982b45d9c8faf8838f5b173f14412a72e633f326ae
SHA512

e7c247bc4b522d45faeb31ce44826e3954e4a13b54919997afd93e5aa559bfafea82472586bd7ebf6993a7bb8e046c5cbfdf0bfd42d5597a03a51e259e584996
SSDEEP

1536:LZxMLBb/IbktkOesowlJIjwHbyZc8wY4tsvw6NX4nOiXWR:L4LuknVowzIEHbyZcMJzYOiXWR

Score

10^/10

xworm

Malware Config

Signatures

Xworm family
xworm

Files

LOADER.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ