xworm | 635fe6a59f6cc90647addf668ccab6b4fdf7eceb17f887d984b79cfc5c01addc

General

Target

635fe6a59f6cc90647addf668ccab6b4fdf7eceb17f887d984b79cfc5c01addc
Size

16KB
MD5

1e6577d6f020c1c5e3f68feb865cac52
SHA1

67acf8f551d70529eb7c1067fa2562bacf8cdb57
SHA256

635fe6a59f6cc90647addf668ccab6b4fdf7eceb17f887d984b79cfc5c01addc
SHA512

6fb582d3bc10fcb7c8b2e0b358302f86051335155d4b9d86bbf40fbed2205c5df5df2e4460966b26a442063821a08125482222fc52d30795710d150b221377b8
SSDEEP

192:Jf/+4EhJmNhZSHNxeE07FLlWG76Oq6EA1xrNVNq69gMXJLuPbIY2racffnQJmpuQ:17E7mNeHLI7FAMXNqCXJaqfhp+W6uVb

Score

10^/10

xworm

Family

xworm

Version

5.0

C2

warzones12.duckdns.org:7000

Mutex

jq3PfRyUTLkExGhb

Attributes

aes.plain

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/6045030af3412c4670b042c08f7fbf0e31b670e679724388b9192fb512a1e705.exe	family_xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6045030af3412c4670b042c08f7fbf0e31b670e679724388b9192fb512a1e705.exe

635fe6a59f6cc90647addf668ccab6b4fdf7eceb17f887d984b79cfc5c01addc
.zip

Password: infected
6045030af3412c4670b042c08f7fbf0e31b670e679724388b9192fb512a1e705.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ