xworm | XClient_2[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XClient_2.bin
Size

37KB
MD5

26d3b37eea33119ad75568912b9ddf37
SHA1

a47f3baff8d643de3ea02eee673a6f144b9e4ced
SHA256

4459d95c0493d640ecc9453cf6a4f2b7538b1a7b95032f70803fc726b8e40422
SHA512

472b2e48f3b912739c32ff2343b138eb3acf59ee5fe784272fd1595d264c1bec145cd8a56cd6ca668810da3940bdc6081b8ad4bb94375988a1958a4793cf36ad
SSDEEP

768:9Plh9TTg7TFGYJ2bjB61216LH/FP192N3OphirO:9Nh9/gzi16McLfFt92ZOpCO

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

16.ip.gl.ply.gg:15179

Mutex

kWnlrFH4bQCfb8gG

Attributes

install_file
svchost.exe

aes.plain

Signatures

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XClient_2.bin

Files

XClient_2.bin
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ