xworm | setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe
Size

45KB
MD5

adc8da443ae5761609697a8f71d1f2b7
SHA1

a20d60f22bf8c85bde8f518548fa9268598afd05
SHA256

1e0f377625e952442639aebea13ddbaf935446441553d6d15a14db9b36f4cf1e
SHA512

6a8a78ed26863915a73a09a88ddee097adaa75fb7d30564dbd903d7286926f765b1034adb1d0c7b2f7d8f6b1e5e0e1920667023387407b905b36f0eafb37f347
SSDEEP

768:rNPCPGrBnCWcKsAVn0Zgd7tMFoVLqw9JphGIareCxjrE:rrNCWcJAVn0ZJFPw9VGFlxjrE

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

show-impressive.at.ply.gg:15918

Mutex

aLfR1ZM6co7y14UU

Attributes

install_file
usb.ini.exe

aes.plain

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
setup.exe

Files

setup.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ