xworm | clientexe[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

clientexe.exe
Size

49KB
MD5

b7d68d4dd8db46f356fdf79f1478dd21
SHA1

6d5f6be8a587b2927a92a9a42c7c7cf09e8ec9bd
SHA256

a754ec52676043b48547386070817805a87e8fd30a886e9e400e220dd827b89b
SHA512

4425184f3992e2f11135778b97d20a9eeaea050a736404abe5ef7e5d5367c9d949885dfbff105b67a0a4811bb2d12d2df01dd680e14d6c0ffc58ed0a64ffac73
SSDEEP

1536:M/cYfGr6GBMzh2bAoUHeegeD3blCgIzbA03PvCLd9iEZ8:f6vztEbA0fUd9ia8

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

topics-junior.at.ply.gg:45283

Attributes

install_file
explorer.exe

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
clientexe.exe

Files

clientexe.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ