xworm | hello[.]exe | Triage

Sharing

General

Target

hello.exe
Size

133KB
MD5

27d43df9fb6228ab9ec3482a528f1da6
SHA1

23b938e1caf2507ae797805f27ee66357ee0c53a
SHA256

d9048e7e5185fca63822a536674effaf47f434fd8bcd74018e5da09b5a7c1469
SHA512

30fb0f42d85b92102ac83dde0cadb0cdf1f19f2bafbb6174ce880aaf9c89a6dac201a3a461253543cac833fb12c5b10277bcf0c492eb2a0070e033b61ec632cc
SSDEEP

1536:u7K22GZXoCVg0vfiCTzbec/31ENYw649ApO4uMET1qxj751cNz0UCdkV/L7t:u7Kh+4CO0vfiC/beGCNYi9ApOZUH5aJ

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

needforrat.hopto.org:7000

Attributes

install_file
USB.exe

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
hello.exe

Files

hello.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ