xworm | 33907bb0d8268011e6cfb1c3b06ad849d84efffd9dfb53ce3adda9933abe4472[.]exe[.]zip

General

Target

33907bb0d8268011e6cfb1c3b06ad849d84efffd9dfb53ce3adda9933abe4472.exe.zip
Size

42KB
MD5

ed98569f8fd53fb5b332815261db459c
SHA1

a0760d264b5718aa265b1b362e20658e42af6f92
SHA256

a0ada086569574fa1684abe86b87547600ed683b095ed59bd827e89749b93af3
SHA512

74453bb47dbbdf38edbf42a326d8d1867c57551d0cb03f088f4ec7ff1312e3136b3612e31a59618d27a24537093cea14104c6f97c1b41304e54afe607fdae628
SSDEEP

768:/pzhKBZfqw7A3ge6nzzxA7vVamUUVA2jdJghgI1bS/7M82M/06vSN+j4C:/pz4BZfq4gqnzziLAUbdJIgI1b8ibHNS

Score

10^/10

xworm

Family

xworm

C2

194.ip.ply.gg:58713

Mutex

tRgdVZ5X7D1u4VgL

Attributes

aes.plain

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/33907bb0d8268011e6cfb1c3b06ad849d84efffd9dfb53ce3adda9933abe4472.exe	family_xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/33907bb0d8268011e6cfb1c3b06ad849d84efffd9dfb53ce3adda9933abe4472.exe

33907bb0d8268011e6cfb1c3b06ad849d84efffd9dfb53ce3adda9933abe4472.exe.zip
.zip

Password: infected
33907bb0d8268011e6cfb1c3b06ad849d84efffd9dfb53ce3adda9933abe4472.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ