xworm | Sex Xe[.]exe | Triage

Sharing

General

Target

Sex Xe.exe
Size

55KB
MD5

3d30c7a81d8bf18a73cffacc846c8863
SHA1

fba65301d47756544428f83bcf24ed57fa431e85
SHA256

a398da321b19f80661444ebc2a9e4d59e3270975787dc015e987237867e8f1d8
SHA512

82b2d38e5681415f90b270db5809abe5c571db52d4f1706f0a03adf07fa5417b4611f33413fe57eb077a8f2e363e61d211ecc6c54f4962de3a3b27dbbcba7196
SSDEEP

768:9lLFUqECU5IigSwoyg0tNFgmXx2/bQ1GKnZzbWaGwbV0ea0jdeyjTO9hObEEw:HLg5PwVX60GazbWPwbV0ewyjTO9UY

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

bush-gain.at.ply.gg:43233

Attributes

install_file
USB.exe

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Sex Xe.exe

Files

Sex Xe.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ