xworm | FluxusV2[.]0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FluxusV2.0.exe
Size

4.1MB
MD5

4b7f6306fa09a643c327773abec75938
SHA1

2b751bb0e50800c1aaeb713bdf5557e0cfc3a0af
SHA256

4c671bf62d37e6662f6bcf08e5a5325a0312978dcb145bfafb8f58d526b02bd8
SHA512

92364988e4517a73b2713c9e36217ca99998069097c189efacbbe038822e80eeaf8da63845796774181da910ca36231d1d2b285be7ee47e9f6cfe046c2efa576
SSDEEP

49152:YgLIR9JyCns59qfuce05XlWycazyClY1YH8PnGpv80tbvvqVUcZcx:YgLIRfyC7egWJa3lY1U82kmvvoUcy

Score

10^/10

xworm

Malware Config

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FluxusV2.0.exe

Files

FluxusV2.0.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ