xworm | e46d80f1b4a81c1aaafdda010b0db0eca9c0957a1a3990671d583247d33371ff

General

Target

e46d80f1b4a81c1aaafdda010b0db0eca9c0957a1a3990671d583247d33371ff
Size

16KB
MD5

c3820a85f18413b82d3f0fa5992d2d5b
SHA1

f2c0d39519bc1c5396476b76d4e7b23f5476253f
SHA256

e46d80f1b4a81c1aaafdda010b0db0eca9c0957a1a3990671d583247d33371ff
SHA512

d1843399af8cf8e08d644eee8f7bd36ec9fe5449f234e619b9d1529c282bfaccaac3b4808f12f7b34d00b937b174c480a6e73af0331261f3848e40eceaeb3626
SSDEEP

384:TX5o2P4X1U8FMePOr+VZGVubTEQ7gvEwGDJ/1jrTZu5:TX5nWXRAIUOTEDvEZhtx2

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Version

3.1

C2

dzn.ddns.net:5552

Mutex

mT1l25650AkcpwGy

Attributes

Install_directory
%Temp%
install_file
USB.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/fe8b320087553eaee75439ab0c4c523a67687c5cb70763bcf042bcfabb205f11.exe	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/fe8b320087553eaee75439ab0c4c523a67687c5cb70763bcf042bcfabb205f11.exe

Files

e46d80f1b4a81c1aaafdda010b0db0eca9c0957a1a3990671d583247d33371ff
.zip

Password: infected
fe8b320087553eaee75439ab0c4c523a67687c5cb70763bcf042bcfabb205f11.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 31KB - Virtual size: 31KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 31KB - Virtual size: 31KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B