xworm | Stand[.]Launchpad[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Stand.Launchpad.exe
Size

103KB
MD5

f4b5c9320d39e79788a85f763f4067e1
SHA1

481b23e679c851242d95ee1bdb2501e274c19078
SHA256

e65455007631770f9277b282cd1807b4f54336fcaa54a7eddc0f0209203d38af
SHA512

3836f68cea4b8dfbb287dd28400961efa060cdb0c23001b46da25927c1b324fb50d982a0e8a81d94ecd1acee4c323d9e3ef3e592866146ea661ad0303525754d
SSDEEP

3072:9/ZZAZlubyBu6CbJTzAZipOEInVOLfvmdV:9zATubyBWb1MJhwQ

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

6.tcp.eu.ngrok.io:16920

Attributes

install_file
USB.exe

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Stand.Launchpad.exe

Files

Stand.Launchpad.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ