xworm | test2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

test2.exe
Size

38KB
MD5

34dc8e721faf6da7b5e72f63d52acd80
SHA1

ab80efdbb760d6c47ef57b98ef95b89035bd5d5c
SHA256

d4dd82bd64b65a3163c0b119193497aa37b44405cc781757c5530ee8709a3662
SHA512

5b9f415e81bf4a5fbf9e2991e3522f74b8d1b89856a8c305b67c75a2e8d36105c8b9f3786f87ce9a219dbcfa772423f4026d3a8a9a2c877d4fdf1b5adb885378
SSDEEP

768:GzpMBIG6trLIuv+044PF5Ph9tUOwhLICFYCgcL:G6P+LfdFD9tUOwm8zp

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

employees-spa.at.ply.gg:34554

Mutex

Nbene03ipkWaPK6l

Attributes

install_file
USB.exe

aes.plain

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
test2.exe

Files

test2.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ