xworm | System[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

System.exe
Size

65KB
MD5

73c0564a006b75735568c35997e98e4f
SHA1

fef16bb8a26e6fe02de7b5aa787e4612487c9ad9
SHA256

633ff6a89ebcecf9661cbd264bec284f1b16a97b6ba460100145ce17fadf1271
SHA512

e2282d5c17892d31f0b957ddbdf6f7bf2b35f120c06b17affde467b8e77f6e9927791bceb8ab1dc47986508e0f2b3ed32659fa62eddb1b0da6e9229759144a91
SSDEEP

1536:ToGcNmLD8fad128BKTn7WZbopFTkcZSS56fh4OcAmKHM:T7caIfc2IUn7WZbopBpo4Ocv2M

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

way-puppy.at.ply.gg:51899

Attributes

install_file
USB.exe

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
System.exe

Files

System.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ