Static task
static1
General
-
Target
xvm.exe
-
Size
36KB
-
MD5
86c8fae87e910b4a8e948071e2db44bc
-
SHA1
d41c16321dfd040ab7767b15a6cb2c572f4093bc
-
SHA256
b3d1cf40566f11b8295fff1540fe2f2640ce852e8a21aa536af324afb1d41c3b
-
SHA512
c4ac707dfe85843506ab7bd328273113fa649090156b7a05c09b55d6d4c7cf5c1c6a10fd2a945bd4f28567f1fbd9641622f686d23a359f7dea1dc11413cb7287
-
SSDEEP
768:4FQk1eEoh9fYfSEADpPQ1cdjws3s3rjNVAVp:4FFsEA9czANI1cNluvA
Malware Config
Signatures
-
Unsigned PE 1 IoCs
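Checks for a missing Authenticode signature: the PE is unsigned, so its publisher and integrity cannot be confirmed from a signature and must be verified by other means (for example, comparing the hashes above against a trusted source).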
resource xvm.exe
Files
-
xvm.exe.exe windows x64
e649e31fa5a74c578efb967186632592
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
oraxml18
XmlXvmDestroyComp
XmlXvmDestroy
XmlXvmGetObjectNSetNode
XmlXvmGetObjectNSetNum
XmlXvmGetObjectBoolean
XmlXvmGetOutputDom
XmlXvmGetObjectString
XmlXvmGetObjectType
XmlXvmEvaluateXPath
XmlXvmTransformFile
XmlXvmTransformDom
XmlXvmTransformURI
XmlXvmTransformBuffer
XmlXvmSetDebugFlags
XmlXvmSetOutputDom
XmlXvmSetOutputStream
XmlXvmSetOutputSax
XmlXvmSetBytecodeFile
XmlXvmSetBytecodeBuffer
XmlXvmSetOutputEncoding
LpxPrintStream
XmlXvmGetObjectNumber
XmlXvmSetBaseURI
XmlXvmGetBytecodeLength
XmlXvmCompileXPath
XmlXvmCompileFile
XmlXvmCompileDom
XmlLoadDom
XmlXvmCompileURI
XmlXvmCompileBuffer
XmlXvmCreate
XmlXvmCreateComp
XmlCreateNew
oracore18
SlfFwrite
OraMemTerm
OraMemFree
SlfFclose
SlfFread
SlfFopen
OraMemAlloc
SlfStatn
OraMemInit
msvcr120
fwrite
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
__crtCapturePreviousContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
_commode
_fmode
__initenv
__C_specific_handler
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
memset
strncpy
vsprintf
sprintf
memcpy
exit
printf
puts
__iob_func
putchar
fflush
_chdir
strlen
strncat
orauts
GetCurrentThreadId
LoadLibraryA
kernel32
QueryPerformanceCounter
DecodePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetThreadLocale
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
FormatMessageA
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 732B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ