xworm | 67ab40f5747366f21a134fc72249cf9359d0a0d7ce01082c66a668541cd93b74

General

Target

67ab40f5747366f21a134fc72249cf9359d0a0d7ce01082c66a668541cd93b74
Size

126KB
MD5

3c424461e954191b6e5ea29e2805e759
SHA1

d67755e5b9a53febe54165e1957d9fa22ac46691
SHA256

67ab40f5747366f21a134fc72249cf9359d0a0d7ce01082c66a668541cd93b74
SHA512

5e07a320c2593d8d6bf396a140d402c802dda5b3b5c422aae7421ec82b549cd66c76f543a2b60a391e2be928397493a42aa2955251c2e819cba65ecfa0e6907b
SSDEEP

3072:ZS4gmNVEDN/9mAV5ZEeULZXSEfR89RKlgYbV39pD:ZSdmnEx1mXeU1XJRGkCY1

Score

10^/10

xworm

Family

xworm

C2

210.246.215.82:7000

Attributes

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/829371e9f7b8108a3597cd80e432557069b217a1c3dd01b6d715597a82b611ee.exe	family_xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/829371e9f7b8108a3597cd80e432557069b217a1c3dd01b6d715597a82b611ee.exe

67ab40f5747366f21a134fc72249cf9359d0a0d7ce01082c66a668541cd93b74
.zip

Password: infected
829371e9f7b8108a3597cd80e432557069b217a1c3dd01b6d715597a82b611ee.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ