xworm | money[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

money.exe
Size

60KB
MD5

587bb8b19c0a2a244bf3ec03fd01e4c2
SHA1

d1c8f61c0b12d0180d696a6d6b74a95a4d4d8a70
SHA256

d88725da4c60dcc36cbff8a4aa745d8dfeb62c6aacb873607b87d11d7abbd1a8
SHA512

6250911ce11f3d4258ef5979452b5d2cda3e8b7e86b0860dac377c009f85d3c510bc03be3545662cd1470a6af1319064f43fa87976dd85f1a4464c04b41b6f1f
SSDEEP

1536:O8rvgzzb1b+QzwILWbBQIqZbHdj3/OgbqiOsF7UjJk:O8rvgzP16QdLWbNqZbHdj2g+iOsF7+k

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

ways-examining.at.ply.gg:18120

Attributes

install_file
USB.exe

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
money.exe

Files

money.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ