xworm | 0ae6d4c4c07371c493f15c7e1ecfeabc61d9fe28b0e963ac7de2799c0f84f986

General

Target

0ae6d4c4c07371c493f15c7e1ecfeabc61d9fe28b0e963ac7de2799c0f84f986
Size

16KB
MD5

54b54b9cb0ea2c9e523fc0eb6499ee38
SHA1

2399e74aebd9855e653577e72d8cce86a44ac699
SHA256

0ae6d4c4c07371c493f15c7e1ecfeabc61d9fe28b0e963ac7de2799c0f84f986
SHA512

6a6b37a8bc891852625e2cae65343c99188e65a206b13572ec260116d4d0034e70cc4b8949e7560d01004b0a3f8f82dfa6f53f0ab4355632b2e44c5bfe56d3f1
SSDEEP

384:++Vfy3EzKO9dmLWzkGCie8K9wMl79KdC1UQmqKFdC+XiZ+E:NVfgML9dJS9Ruu79KdC1U29QE

Score

10^/10

xworm

Family

xworm

Version

3.1

C2

xwv5group7001.duckdns.org:7001

Mutex

mrkh245537gVoEKF

Attributes

aes.plain

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/333f2437106696b8daea10f30724be9b226fb4db1e9f967757fb14f7c8f41511.exe	family_xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/333f2437106696b8daea10f30724be9b226fb4db1e9f967757fb14f7c8f41511.exe

0ae6d4c4c07371c493f15c7e1ecfeabc61d9fe28b0e963ac7de2799c0f84f986
.zip

Password: infected
333f2437106696b8daea10f30724be9b226fb4db1e9f967757fb14f7c8f41511.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ