xworm | hhg[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

hhg.exe
Size

71KB
MD5

bdae3aa0581f445fadf71afde9cf52b5
SHA1

ac91a118d53c5122bb83b07c6f1f7123f2f323d1
SHA256

ff9767e3286b08dbefe314d59d302e161e1fcb0c6b6c99ae4a1733252cd848b5
SHA512

65bf381ef05bffab1911df520531ea4a87c3b431074336bcacf23a8183273662e2d96d0842041798308a85c2db2f45e2820ebe21fc2a24398837567689ca7e44
SSDEEP

1536:A+zHAwDhmVtF1jBhznPMUOAydDybDm9fanccYO3sNea4Uj:A+TApXPvOAydubaEnaO3cNNj

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

209.25.141.181:39858

Attributes

install_file
ctfmon.exe

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
hhg.exe

Files

hhg.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ