Behavioral task: behavioral1
Sample: void_tempspoof.exe
Resource: win7-20231215-en
General
Target: void_tempspoof.exe
Size: 236KB
MD5: be3c3295fed7c342468dba61e5533e47
SHA1: dc8b0c07f5ac768a3409779cb6b58f0c59564694
SHA256: 89086a2228ff7802d52cd6250faccca3214de2b088571020d10cb2a299872b78
SHA512: 07401d4135139971a4038c71b27c74ddd34b9951ac3796409330bdf4e21b4415b42e6def28f64210eb8d8a8da0e206aaae34dea4afbef369a10cab13bf06bcf3
SSDEEP: 6144:p2o/xTkO/umxc5iXPqfghy/PC3X8mPCSr:wUomx6i/e+wqn
Malware Config
Signatures

Detect Xworm Payload (1 IoCs)
resource: sample, yara_rule: family_xworm

Xworm family

resource: sample, yara_rule: vmprotect

Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: void_tempspoof.exe
Files
void_tempspoof.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 233KB - Virtual size: 232KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ