General
-
Target
systemux_protectedbyezero.exe
-
Size
90KB
-
MD5
8604e44fc3ace1025f34167d00ae2371
-
SHA1
56536dec10d9375752bf6dfbcb0b95af499b8d94
-
SHA256
369411f7ffe83fc86627db37f2091e183709769c1aa1bc9844692cec959f36f7
-
SHA512
1e86790f54cb80720fea4e7f49405227c5b82ba48ebe16656c130b486ee50e492bb9cc361b72f34a3779c74457fcdd01ca4e38bd07ac854540630ef07bff332a
-
SSDEEP
1536:rnGfE+JDnxsSXj6xfe+zSLuSWYH9y8k9bXz63Og6GN:LB+Jtj+AFuSlE9bXe3OKN
Malware Config
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource systemux_protectedbyezero.exe
Files
-
systemux_protectedbyezero.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 87KB - Virtual size: 87KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ