General
Target: LpHuEOBePyiJA7ptBDaShyFywik3eLZcBtfBbJky.exe
Size: 83KB
MD5: 5cacee3c6ddb0f97d708439e0dd4488a
SHA1: 39db4ffc10506a07c7e4bd99a88186e0b295b9ab
SHA256: e3d3b17792640e70ba0ab4537053064185e6724c3d2df7600157843febfc9d1e
SHA512: 00ead953ae2e65754b9c8ba466b0717ce5aa5ed24754d74d95a1bbbe128c088d02f8e2477006b8296634e92ea67b5bffe7b59e85cde23951377c921469272ed9
SSDEEP: 1536:CP6XDPPnQSAgIfZfGUq2A87EZ3bG2M0LjiVY/V33XOlN7W/DVqN:CYgOIfZOUdkZ3bvJyVYh3XOlN7kDu
Malware Config
Extracted
xworm
Install_directory: %LocalAppData%
install_file: svchost.exe
pastebin_url: https://pastebin.com/raw/wrHXjRMP
Signatures
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm
Xworm family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource LpHuEOBePyiJA7ptBDaShyFywik3eLZcBtfBbJky.exe
Files
LpHuEOBePyiJA7ptBDaShyFywik3eLZcBtfBbJky.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ