xworm | XClient[.]exe

Resubmissions

08-05-2024 18:11

240508-wsqkwage4w 10

08-05-2024 18:07

240508-wqltxaah47 10

Sharing

Copy URL

Twitter E-mail

General

Target

XClient.exe
Size

67KB
MD5

c9cd80d55733208fc06b8b52cddb52dc
SHA1

6cc60302d90e7d7661b5b194fa954efacba19d49
SHA256

5fb96191ad7394700966c0854e3f1225b8b2989f528ce6993a747ff7a9cf2552
SHA512

befca56bfce924e50c11f9d702ab2d6a6e05d55cd4399c4ac37891c1d337a43d05060f5cb9a1600fc4c172f7816fad14bc02e0c8d44eb82b55f61da4812cd0aa
SSDEEP

1536:n5ydgkcoaOOTxMH/W0WybZYgmH2r2i6urYiZOenvefZ3:FVxMfwybZ4rYXZOewZ3

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

silver-bowl.gl.at.ply.gg:29206

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XClient.exe

Files

XClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 64KB - Virtual size: 64KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B