xworm | XClient[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XClient.exe
Size

36KB
MD5

4302f7cb54e2b051cfc554fb572923c8
SHA1

b7f22b889c7b02a3b43287a7a966f8c418c4b71a
SHA256

7e1c48f142281469f85123ef14404a610ce2f565fe2389f4adc938c5d28ac076
SHA512

81933f9d20e6dc4106593e78975917bea97874277f8312bf50bac0ec7d8613eb2cb0bc2528050c3803ee820da91b827c259264516d1f82d099bba955c3acd1b3
SSDEEP

768:M+jiMDvJRA5g+xCwdW9OXpVFr9oh2OwhUurZsE:hiMDB0g+8wgsXFr9oAOw+vE

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

considered-stars.at.ply.gg:8888

Mutex

Kmoii3EPES5fg9hn

Attributes

install_file
USB.exe

aes.plain

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XClient.exe

Files

XClient.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ