xworm | Startup808[.]exe | Triage

Sharing

General

Target

Startup808.exe
Size

89KB
MD5

a70c18e10d0354343abd35f8ac58fa44
SHA1

b23db8f93db6698e94759c6f70dc7c0613fb9991
SHA256

7fbe457642ca009844b0d1b1954a8bef366106e5c57aa14f8d2a21ba068ebf3d
SHA512

7dd69b4e49d129a778361d7fc169bbd416ec528fe135deaafcb121f51727794b96b7490f1542d8b4eb669b2499cb25d33ffeb0d522bf660b7fc75489ee73d02d
SSDEEP

768:b1+fVlEijbCNYyYLIJVBk6uiKdVCvImRDdQSyYrPf1nFoxWyGPrw6T:bkX4NyIgmdDQgJFoEyIrLT

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Mutex

FXmrprvXafQA5uOz

Attributes

install_file
USB.exe

aes.plain

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Startup808.exe

Files

Startup808.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ