General
-
Target
exrafilesdota2.zipka.exe
-
Size
201KB
-
MD5
758302c498a3aab74822923a9cf036bc
-
SHA1
874716275b7c91836c80ed13eb06b3052eb5892a
-
SHA256
de0c16038e38aa47f8c99ae78b8f5f0a5eb5f863d8207003f0f50ac717b4b641
-
SHA512
34e4ec2c503ead8645ea353ea1164c083e766224741aec1be08f652b69849e76ea5e41b6d5dd10fe1efa4271fb26d07c0936ea6f80f4cf4378b3d229e86a5471
-
SSDEEP
3072:9hfuYCGlmxFN9fDrOjCc8SKfbzxcwg7es6/Vsb8VKTup49oJMfF/H9N3Ky9NzLn9:95uN9YUhcX7elbKTuq9bfF/H9d9n
Malware Config
Extracted
xworm
5.0
127.0.0.1:10581
18.ip.gl.ply.gg:10581
BTpDSu8Zuz2lR97E
-
Install_directory
%AppData%
-
install_file
XClient.exe
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource exrafilesdota2.zipka.exe
Files
-
exrafilesdota2.zipka.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 166KB - Virtual size: 166KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ