xworm | 000exe[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

000exe.exe
Size

52KB
MD5

89d67189224fd60f77f1e52b2e034121
SHA1

e000172d355901aed51e44c758ab5eb83236ba23
SHA256

75137109b086bda82e60db19f97f6c5a8fb8ac0af2f5aecd23e81935a60f65dc
SHA512

bbebd1d507dac9e898bd55f134eb0a0c2e09de6f08c252f34cd69abf5233fb476575b2996b07264c111e8d7bbd6e87fd55e9fb41148a1c5d6a9fe9f8d525f3f6
SSDEEP

768:DcepfyWScfuJP+07SsAYPugXDKwAgzb/sCIWLID7yOCRh/9sdkmA1uaHiO:AufcPNNdugzb/sCIvDWOop9seuOB

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

209.25.141.2:43784

Attributes

install_file
ctfmon.exe

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
000exe.exe

Files

000exe.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ