XWorm V4[.]1[.]exe | Triage

Resubmissions

18-05-2023 14:39

230518-r1pw4abe8s 7

Sharing

General

Target

XWorm V4.1.exe
Size

16.1MB
MD5

ed4b2bfaab042b706f8033b911c2c662
SHA1

1a6e90f8617bc9ed856a0bf261c36f15dc8f8f60
SHA256

53c1ef69f9babde3d2dbd822edc3cf33de4bb7e9bb8d21e418a386edb5694b54
SHA512

ee8db1a2b5a0d81cda1ac766827d3defd5ed699c5e0b74777de922e64ab2b9e43f91ecbe6a449e5fcd62160f0909a3a0ed6b1bdf70f72d7ba6fe941b54009fd8
SSDEEP

196608:1YYSTFTqtzJ3jwi+mF4yxIdLH1ETeyXknzFW66S/gIxzqWDbDn:9yLL1ETeVWSmWDbDn

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
agilenet

Processes:

resource yara_rule

sample agile_net
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

XWorm V4.1.exe

Files

XWorm V4.1.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 16.0MB - Virtual size: 16.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ