xworm | vencords[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

vencords.exe
Size

51KB
MD5

6c38d2e2a2dd088682fc329061b18a61
SHA1

8d107295c87c5e650b92e0a13ee25096713a83cd
SHA256

b0edc5604004d58d4f08fefc1aa48ae5174e2f525e6c7cf02638944f9e572246
SHA512

e0ac890e86c036811f7d88e4113cf30a92109f00572732cdcf492b83afbe35f38980a41895d611780c29e052546b17e923abe84a52d73e69b2f0c12ac90d71ce
SSDEEP

1536:bULDbQZHmH03ooNmFbeF8ubkbzg9jzgmoO7Gy8h2QGx:b4D1qYy88kbzczgpO6y8cfx

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

san-periods.gl.at.ply.gg:45994

Attributes

Install_directory
%AppData%
install_file
vencord.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
vencords.exe

Files

vencords.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ