Overview

overview

10

Static

static

10

2592-68-0x...ry.exe

windows7-x64

2592-68-0x...ry.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    2592-68-0x0000000000C70000-0x000000000147E000-memory.dmp

  • Size

    8.1MB

  • MD5

    027d6d520d80ad0e6d8bf6470c94547e

  • SHA1

    70ad3854c2801afbc748269fb3acfbc43627e54a

  • SHA256

    224539566b3e556d047d3ed3aed5f3476f3987678f7acfc2ebba11bb96afe03f

  • SHA512

    6c7dd66c765d61c399f25a103baebc80ef52bcb5dec63b9e2b6e4e66047ae671cc1e7607df33603c27075700cb61cdf111b9fdeff30cacde176792685234e475

  • SSDEEP

    98304:ILKR8dvrSwWZzAe2IZCnN3A0q7ww1zij7uPYpsWsV3rSJ9qIP7GYHNqmfU:emKIZMwN1xw1g3W39DGYHNPU

Score
10/10
themidaxworm

Malware Config

Extracted

Family

xworm

C2

stores-anytime.at.ply.gg:36673

Mutex

14hyqdgIYznSdTk2

Attributes
  • install_file

    USB.exe

aes.plain

Signatures

  • Xworm family
    xworm
  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2592-68-0x0000000000C70000-0x000000000147E000-memory.dmp
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections