xworm | XWorm[.]exe | Triage

Sharing

General

Target

XWorm.exe
Size

90KB
MD5

1dc0ce6f92aa7aaaaaec0bbf2cf0be94
SHA1

961e990d821b8ce87791f61d0f53a1cfa327dcd3
SHA256

bef2ed0a20aea417015b81a574c58ebe24eb97ee869519f5d0031a8335370226
SHA512

99b6827189b45ec08662c3648ba34588ff9c412ecc8f20b8d0c3806b372b1a09e1fc81a32251a1eece9415724585d1b72a038ad24c523696130900e706f60ac9
SSDEEP

768:JBISmPlxMcazgTKd3iz5RVw6zlDq3RzUJ/pJCxE85:JBIzmyt/w6h2RzkJCx5

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Mutex

UCLCU6390UZNp9OE

Attributes

install_file
USB.exe

aes.plain

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XWorm.exe

Files

XWorm.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ