xworm | bMOy[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bMOy.exe
Size

30KB
MD5

35382d2b5f0cbf1adfffd331c144dadf
SHA1

d0e46f8bca36d9af2ea917fbcd082fe63e0bf868
SHA256

71a2fe2a79055b9aca04daaa8288730f1027c0b186e2f10718b21e2d1e89355d
SHA512

1edd391c6dbb92a89407c3cf20a152e57dd1f3172b70164260849091f71685fa6ffdbd31feca2c12928ff7126ebe77d003189fb7479d786ed68a15a00273281b
SSDEEP

384:5eAwIGmeffcbWICWv/0ILZGPch0hYACSqRSMg2uRugtFuBLTIOZw/WVnvn9IkVug:zecbl/b3hMYAoRSF2uBFE9RUOqh/bO

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

64.235.61.43:42069

Mutex

MfyggCiMPhVIrsai

Attributes

install_file
USB.exe

aes.plain

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bMOy.exe

Files

bMOy.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ