xworm | 0ff99744640716d98efecc6eea41f1fb[.]bin

General

Target

0ff99744640716d98efecc6eea41f1fb.bin
Size

17KB
MD5

cf471ee7850ff77effa2dc4c68801750
SHA1

acb4692a06012c92db01804199ab92e65226c8f0
SHA256

7e208fc94c4e1affd1c47088b0b36c0db31392db9beec537fcc4ccd4d417cfac
SHA512

df51b38cd07ec3d9493c5ff71db6201b5298a8d763beeaa8de29e8843c35cc77b0324fbea1b8636b30caedd56c6a86cefdfae840e4e778fecf68b1d67b27ebd3
SSDEEP

384:7RyznZal0lV6N2qD7XrzENnYd2lxQubir:1yzZalG6N2qD/zENn1Qbr

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Version

5.0

C2

191.55.116.39:5552

Mutex

2RTcguMFH1NFy3yF

Attributes

install_file
USB.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/329d5bf6b075b637720e8cd7cf82b170d4f8dc7b1dc8917bdbecd3ae58a74d8e.dll	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/329d5bf6b075b637720e8cd7cf82b170d4f8dc7b1dc8917bdbecd3ae58a74d8e.dll

Files

0ff99744640716d98efecc6eea41f1fb.bin
.zip

Password: infected
329d5bf6b075b637720e8cd7cf82b170d4f8dc7b1dc8917bdbecd3ae58a74d8e.dll
.dll windows:4 windows x86 arch:x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

G:\New Private Panell Src 3.0 New\New Private Panell Src 3.0 2025\New Private Panell Src 3.0\XClient Src Server\obj\Debug\net40\XClient.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 33KB - Virtual size: 33KB

.rsrc Size: 1024B - Virtual size: 816B

.reloc Size: 512B - Virtual size: 12B

.text
Size: 33KB - Virtual size: 33KB

.rsrc
Size: 1024B - Virtual size: 816B

.reloc
Size: 512B - Virtual size: 12B