xworm | xy[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

xy.exe
Size

71KB
MD5

770d9830c5e3b4136dc27be291820359
SHA1

e5aee771a44cb6636502608d86a6964e443e6b63
SHA256

501a91f8a83d29cf6e5c931bc6c01ce91f951f5275c28ec70c31665cc1843b20
SHA512

4d4d62e5a7a5f93fe01b8da15ccf4db6fd501045ac43fd4a52cf4340fe63f95a68962254a6fd1e968b86288e4858a9700cfce22f5f5e6c9f3f3fc69545c8234b
SSDEEP

1536:vjUaGIVHXcb6ps/3fi8iabrqKB0n5HOdMfZt:v/PVHMb6qjiabrqa0n5HOdMfZt

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

0.tcp.in.ngrok.io:13016

Attributes

install_file
SystemConfig.exe

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xy.exe

Files

xy.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ