xworm | 4aa9ae28df737eb625500d63da3a1bf1[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4aa9ae28df737eb625500d63da3a1bf1.bin
Size

43KB
MD5

e242c240f48479cab7cf4d980f0b58a5
SHA1

dbb9f82a8887dec01c15bfc0b9ffe34d34e48e13
SHA256

92c3ee7d21cb1ad07f4f311204dad583a92298ec1e1baa6ba6c564608586ca4c
SHA512

f04dda5b00593abba0eebc3d262ea8692f468c99b76572677fee2008d52ad9df0d353850290f4174d2e8caf779e8e622cfa650f38f53a1783bc7fab926acf9bc
SSDEEP

768:ZgOe3TDT6wi5b8qjiYPsvAWCQoDwUcV4k6SzO9T/7mf9D3UcUpO8D0xN+k5AGej+:q/D/6wmiEsvAfQoE3Z6SSq3UNeDAG

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

even-house.at.ply.gg:40766

Attributes

install_file
USB.exe

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/607abd84eddaa303f3d6c496a8887eccc12ed20d8bf737b746c609f6989aad6f.exe

Files

4aa9ae28df737eb625500d63da3a1bf1.bin
.zip

Password: infected
607abd84eddaa303f3d6c496a8887eccc12ed20d8bf737b746c609f6989aad6f.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ