xworm | 9bdc8fb2ecb47adc2e5cf1c3bbe407d7edd5309e747020007388e70eee9065b6[.]exe[.]zip

General

Target

9bdc8fb2ecb47adc2e5cf1c3bbe407d7edd5309e747020007388e70eee9065b6.exe.zip
Size

56KB
MD5

a6b87e9a812bfe7654131af6fddfdec8
SHA1

84771529523900267bed01c544b0e9f24e8ac022
SHA256

428374bb24ac5c249a04be0c283c70ea7c08aaa7dcb2f74630a9089af27f8ddc
SHA512

2e4d3227725a51c36bf669fd2c7ab472379237b6eecfd23501a750113ba083c8328baf9be4a413391010c8e61eaa3be10538f35de80064dbb1656d5732cd85c5
SSDEEP

1536:mHY4P0z17THSfyQ5oRAFx81oCqfpymRchzkDjBjNENIq:m4B1XuyQyRcx8b8dWkRqOq

Score

10^/10

xworm

Family

xworm

Version

3.1

C2

needforrat.hopto.org:7000

Attributes

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/9bdc8fb2ecb47adc2e5cf1c3bbe407d7edd5309e747020007388e70eee9065b6.exe	family_xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9bdc8fb2ecb47adc2e5cf1c3bbe407d7edd5309e747020007388e70eee9065b6.exe

9bdc8fb2ecb47adc2e5cf1c3bbe407d7edd5309e747020007388e70eee9065b6.exe.zip
.zip

Password: infected
9bdc8fb2ecb47adc2e5cf1c3bbe407d7edd5309e747020007388e70eee9065b6.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ