Behavioral task
behavioral1
Sample
Roblox_hack.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Roblox_hack.exe
Resource
win10v2004-20230220-en
General
-
Target
Roblox_hack.exe
-
Size
42KB
-
MD5
02863ab73536fc2be8ad9e34b8fe6702
-
SHA1
a79e78ca29d270c59cf85c959a8d361b0a822f42
-
SHA256
bbae7da8e620e2dd1022c51156d0f94aad5e5429aa94baf972479f701118bb25
-
SHA512
019f2395fc2bb376b5d20170e74541604bdd16da1428338009a9c3d482f89b943d0ba8c233a9a180443da48f59ab5ee06477ff4f4cffa546537d6c3b3b55353c
-
SSDEEP
768:IywCo3fexwqRDlDdH4Uu8jEl/CIg9N3hcDppryOz:isDdYUdElJg9fcjLz
Malware Config
Extracted
xworm
0.tcp.eu.ngrok.io:16485
1OD4UvJ1J2aUIG7x
-
install_file
USB.exe
Signatures
-
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Roblox_hack.exe
Files
-
Roblox_hack.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ