xworm | XClient[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XClient.exe
Size

68KB
MD5

007a206bb25c0acf13e42e59d884080a
SHA1

baa39efbf0125a24a588c65fb30a8d06b97bb0e9
SHA256

a378db1d6cb060a859534d09e9935b28fb5cd40360c2b46feec01dac95465964
SHA512

96ac771166de0763b4d310b99b8fa6054dee6bf9ea9e23a9321b20c566fb22d2f953c04703a21130e63c35aa3238bc69f13ec1ceffdd80b1b9b6a90c2ed520b6
SSDEEP

1536:S7FzFgkaqKCt1h9JNJidBowrI0AYbTAJ4x7DOi6KXooO31FZq:SoQRlYBowMBYbTKYieXooOFFZq

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

associates-thorough.gl.at.ply.gg:11543

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XClient.exe

Files

XClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ