xworm | 16edc6a2a086697d5c46d3a6a2a9e6e2dae38d6bce19d95903879f322fbf54fc

General

Target

16edc6a2a086697d5c46d3a6a2a9e6e2dae38d6bce19d95903879f322fbf54fc
Size

17KB
MD5

92c3917e607af20f39fdd0b5bda20def
SHA1

2edc408536ac94ffb13716a0e7246cc062ce2f16
SHA256

16edc6a2a086697d5c46d3a6a2a9e6e2dae38d6bce19d95903879f322fbf54fc
SHA512

d076461f26476fcf78fc5ad4397449b210a49484ae3bef72a6f20e8b9e0df11f2f711bde7b829748a4245bb07da997cc48b0530b9583a99f936f2b2fcc636e5e
SSDEEP

384:6MZvupA22tf3VwKsw6eZJ/DPCtZkXaGDz8qtJHqsIW8XLxOg:6MZ22t9ws3CtGqcnT10XNOg

Score

10^/10

xworm

Family

xworm

Version

3.1

C2

marxrwo9090.duckdns.org:9090

Mutex

gEEZ3P8N2reeuJje

Attributes

aes.plain

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/e7bde63f01511d2f90a5432c2f3194e172c100e23013708e3ac1e237839eccdb.exe	family_xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e7bde63f01511d2f90a5432c2f3194e172c100e23013708e3ac1e237839eccdb.exe

16edc6a2a086697d5c46d3a6a2a9e6e2dae38d6bce19d95903879f322fbf54fc
.zip

Password: infected
e7bde63f01511d2f90a5432c2f3194e172c100e23013708e3ac1e237839eccdb.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ