xworm | Stand[.]Launchpad[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Stand.Launchpad.exe
Size

105KB
MD5

2889bfc660bae6bf0f9166136be2559e
SHA1

474e3f337d24a9728ebe614a1862da52e11e5b23
SHA256

e4d5bcd0b849c43f5dff5f6b323001915944b1a179ee0e1788184bb178896368
SHA512

2000f5a0c757ae90dfe3cf80c9d7c441e64967ec54a57ab57e3e92268bc99915a2342fe0c4ab8c5721645e2031e9e3e1874aaf6ea0b3ccb156e77b8f3f243e1e
SSDEEP

1536:2RhGQX6wjyVACLz/gq/2zJZmBKblDrnvZV67UZ+lOEvlEeIV:2jXy+CLzIu2z3FbRrvR+lOEvgV

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

2.tcp.ngrok.io:18238:18238

Attributes

install_file
USB.exe

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Stand.Launchpad.exe

Files

Stand.Launchpad.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ