General
-
Target
XClient.exe
-
Size
213KB
-
MD5
6eeffbdfff03eaf00d7483db6c348666
-
SHA1
93df850aafc9fb45ea9e70344d1217eba9ebf818
-
SHA256
585b6191950d5f3bdc1ab3cc841c04d5971bedaaac8c27d5d148ab4d8c9ad222
-
SHA512
036f31b955e0bad4e783ee1c872dbd5478960b6448f6f8ef72a3d68cc2c33d6405e51c659273bbe79faf0a979240fe362f2c8faa2c765abfe6373daa047dbc4c
-
SSDEEP
3072:mRIPxR1ES+rF1E0Mpe1s0N01+0mI4OWKWzVDFzbm7RZbmNW5ZenrqOT1+fPOF8O5:mYES+rgp8NQMbzbmlZbh5Zen2OTc+O
Malware Config
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource XClient.exe
Files
-
XClient.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 209KB - Virtual size: 208KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
oALxGQFG Size: 512B - Virtual size: 22B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.???? Size: 512B - Virtual size: 276B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ