xworm | XClient-Anti_D4dot[.]vmp[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XClient-Anti_D4dot.vmp.exe
Size

472KB
MD5

f12121ad6c6852da1fa398fc1bc5afce
SHA1

9178a797afdfacb1a113b41255efc390f61b2758
SHA256

a4083ed24adaaf79df1470a98f8078394de6566b85b02fddcbb4296cc2b06c07
SHA512

68a3820317a0f1a2da531f843f569401a2971a0db596ba6ed4db944d1e6c9c96f3ce0c4117e5029679286e55a61e7943fb450cb2ac149f181404077b7e2694f2
SSDEEP

12288:XGs29Zw8zdtTfHgHuzQkIFYApfkrZla5WZI:JEw+dtTvgHuzJSjwZY57

Score

10^/10

xworm

Malware Config

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XClient-Anti_D4dot.vmp.exe

Files

XClient-Anti_D4dot.vmp.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.JeL
Size: - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.TGy
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.\md
Size: 469KB - Virtual size: 468KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ