General
-
Target
XClient.rar
-
Size
64KB
-
MD5
c648d38f1ea62ccf7d1a541351558f25
-
SHA1
99ec214b2eb19f67deb8b74763bb24ea3d563ef0
-
SHA256
c4098d8085097906713a2f1a74d3e2b798d43528dadc1e652e029ffbac7e4b68
-
SHA512
36cfa56488b4e0773e4dae51d799b8e9f4a70b0857259c613f3fce774ed117550ec0c49a23c52dd1ea965f8f1ad7fc032b4c9bf9cfbf5769d88f431d38168225
-
SSDEEP
1536:aJLQ99r2ihqbAU/p1OL7ysvcySnlUjLFMgNxp82nNVW:ax+9Ib1sCy2SMa3nG
Malware Config
Extracted
xworm
3.1
dffsdfsdfe434334.bounceme.net:4500
IP78agCbZU6v7ZTL
-
install_file
USB.exe
Signatures
-
Detect Xworm Payload 1 IoCs
Processes:
resource yara_rule static1/unpack001/XClient.exe family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/XClient.exe
Files
-
XClient.rar.rar
-
XClient.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 127KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ