xworm | xsfimjRcHbdH[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

xsfimjRcHbdH.exe
Size

35KB
MD5

2141531f532f5196368b3b603a7c4a38
SHA1

93af8f7254b4aedbac88eb70b8810790566ba5a7
SHA256

f9171de76ea630a461f1764aa9c27fadf7e8fcbddfa7a2c3b44067867c029f05
SHA512

00285d25ecb8789f9e4fd81c58622ae038ce3bcb9b74feab4bfe8a59904337e150c5102c6658d5dd046092806f30a969a5bd821cacf4b399d3fa11b964ed1d89
SSDEEP

768:9z/uDT1IMaL6QWRe0nTvbIQF29Y8OMhfQo9:BuDxHauQ+vJF29Y8OMtz9

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

miopsbn.con-ip.com:7001

Mutex

PEO0gBdqbisQQfmE

Attributes

install_file
USB.exe

aes.plain

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xsfimjRcHbdH.exe

Files

xsfimjRcHbdH.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ