xworm | 222[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

222.exe
Size

50KB
MD5

2576f34d299b241f83370fae0a882c2d
SHA1

e1a33b0dd88e37a269af8d57b12924b53f973f76
SHA256

aa8d0d8781cd88e521a3c44bf57d7198d2631761630b6219663576c79aa8bad9
SHA512

2fcbb3c2f5423279a309c8238fd0c8b362f77a7b5056a44bc50892638120977113296591096b72a53230895243bb985a34be99c375a56207c8d43197d86ec617
SSDEEP

768:izwxj2Q0P1jApAl8fM4kqvtY/YpiwRFVEcFwsQpgzbFl3aY0L/u5s/Ozh1MxxP:iXdEpAl8fVXfb7QGzbFl3aL0UOz4xP

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

10.9.26.190:1194

Attributes

install_file
spoolsv.exe

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
222.exe

Files

222.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ