General
-
Target
XClient.exe
-
Size
42KB
-
MD5
16448c694b409bfd659718650d4c70c9
-
SHA1
3fbf1099887886b9d1f30c9b16ca429ef8a055ac
-
SHA256
a753282c9d378947b0eae2a9dff17973a0fdf660f7b5743424cfee3fcad1b7e2
-
SHA512
c7e3b9baf6dc2f4220879cda204262bdda42eab51b2df75d05743bee6e70fd19fd72ebb9c37a3f8631bb2c8a9eb5ed19b505cb7dc49658ecdb9d04ae51d96671
-
SSDEEP
768:Tp0g/LkG+Z83h7FFMXfIgUbxOu8LcbrrOeF3t9J+cOChy0LL0h:TOg/Lr+GR7ncIgPRYr1F99JvOCk0Ps
Malware Config
Extracted
xworm
5.0
testport43-48877.portmap.host:48877
Qtp7mUZmfJB1fwyo
-
Install_directory
%AppData%
-
install_file
Xclient.exe
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource XClient.exe
Files
-
XClient.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ