xworm | tmp | Triage

Sharing

General

Target

tmp
Size

80KB
MD5

2e8d19687243a4d1aaf96e1736078d5e
SHA1

f4e2db854ad1c09e829c8b92f2fb7186e48988db
SHA256

633aab77c8224873dea3fa309917ffd3e71091d906e84b10ef4fa905e5504d95
SHA512

e4eb7a8901982abaf23174e8d9c81267fbf6b3f889704beb5f69494ff2df4969aab08870e5cdeffb0c8519015a35f7ecfea5032834f8241cf45eb7d567de42b6
SSDEEP

1536:qQiqPu8AQpPkeyMNqfcxIvcfbu0HFFwtb+6APS7OUKhWSp+5V:XiMBekbBHfw2wOlhWSOV

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

154.197.124.87:14745

Attributes

Install_directory
%ProgramData%
install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ