General
Target: Test2.exe
Size: 326KB
MD5: 739757c0ffd9cd8afb29717eefc37576
SHA1: 866b6ac60e2a3e4d3dc595bdc7b60bbb5085da37
SHA256: 1660b106cbaaf13f9539711b87200da0b489b5f5135ba77a3bfcdea3276611fb
SHA512: f80a0ea8344131ca603be7f3f59ee6addb48fc48890770f13eb76053635198acd72f27dbf6352358954a6fea8c9a2ab1315df0615c1eae4968ddb381d96a9e80
SSDEEP: 1536:LVflutPMBba/UvbAotr0XXg+buqXICh4fieySWOA6/SbHMsFGfFuAYCRAutPsAzO:L9loPvcv7b+bbJhmieLWOA6En
Malware Config
Extracted: xworm
chicago-employed.gl.at.ply.gg:4782
<Xwormmm>:1234
Install_directory: %AppData%
install_file: Runtime Broker.exe
Signatures
Detect Xworm Payload (1 IoC): resource yara_rule sample family_xworm
Xworm family
Unsigned PE (1 IoC): checks for a missing Authenticode signature; resource Test2.exe
Files
Test2.exe.exe windows:4 windows x86 arch:x86
Imphash: f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
mscoree: _CorExeMain (the only import; this is the CLR entry stub of a managed .NET executable, which is why the imphash above is the generic .NET value rather than anything specific to this sample)
Sections
.text  Size: 70KB   Virtual size: 70KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rsrc  Size: 254KB  Virtual size: 254KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc Size: 512B   Virtual size: 12B    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
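The static facts in the Files section (architecture, File and DLL Characteristics, section table, the single mscoree!_CorExeMain import, the imphash, and the "Unsigned PE" check) can all be reproduced from the PE headers alone. The following is an added example, not the sandbox's own tooling: a dependency-free PE header parser in Python, run over a toy PE32 that `build_sample()` constructs inline (it is not Test2.exe, but like Test2.exe it imports only mscoree!_CorExeMain, so it yields the same imphash). The "Unsigned PE" test is implemented as an empty IMAGE_DIRECTORY_ENTRY_SECURITY, i.e. no WIN_CERTIFICATE blob; it does not validate a signature that is present.

```python
"""Pure-Python PE header triage reproducing the Files section above: arch,
File/DLL Characteristics, sections, import walk, imphash and the 'Unsigned PE'
check (empty IMAGE_DIRECTORY_ENTRY_SECURITY). Added example; build_sample()
constructs a toy PE that, like Test2.exe, imports only mscoree!_CorExeMain."""
import hashlib
import struct

DIR_IMPORT, DIR_SECURITY, DIR_CLR = 1, 4, 14
FILE_CHARS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0100: "IMAGE_FILE_32BIT_MACHINE"}
DLL_CHARS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", 0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
             0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH", 0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}


def cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")


def parse_pe(data):
    nt = struct.unpack_from("<I", data, 0x3C)[0]                 # e_lfanew
    if data[:2] != b"MZ" or data[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    _, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, nt + 4)   # IMAGE_FILE_HEADER
    opt = nt + 24                                                # IMAGE_OPTIONAL_HEADER
    is64 = struct.unpack_from("<H", data, opt)[0] == 0x20B       # PE32+ magic
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]
    nd_off = opt + (108 if is64 else 92)                         # NumberOfRvaAndSizes, directories follow
    ndirs = struct.unpack_from("<I", data, nd_off)[0]
    dirs = [struct.unpack_from("<II", data, nd_off + 4 + 8 * i) if i < ndirs else (0, 0) for i in range(16)]
    sections = []
    for i in range(nsec):
        n, vsize, va, rsize, rptr, _, _, _, _, sc = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": n.rstrip(b"\0").decode(), "va": va, "vsize": vsize, "raw": rptr, "rsize": rsize, "chars": sc})
    return {"chars": chars, "dllchars": dllchars, "is64": is64, "dirs": dirs, "sections": sections}


def rva_to_off(sections, rva):
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rsize"]):
            return s["raw"] + rva - s["va"]
    raise ValueError("RVA 0x%x maps to no section" % rva)


def walk_imports(data, pe):
    """Return (dll, function) pairs from the import directory; ordinal imports become 'ordN'."""
    rva, size = pe["dirs"][DIR_IMPORT]
    if not size:
        return []
    secs, out, off = pe["sections"], [], rva_to_off(pe["sections"], rva)
    fmt, width = ("<Q", 8) if pe["is64"] else ("<I", 4)
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, off)   # IMAGE_IMPORT_DESCRIPTOR
        if name_rva == 0:                                        # all-zero descriptor ends the table
            return out
        dll, thunk = cstr(data, rva_to_off(secs, name_rva)), rva_to_off(secs, oft or ft)
        while True:
            entry = struct.unpack_from(fmt, data, thunk)[0]
            if entry == 0:
                break
            # high bit set: ordinal; otherwise RVA of IMAGE_IMPORT_BY_NAME (2-byte hint, then name)
            name = "ord%d" % (entry & 0xFFFF) if entry >> (width * 8 - 1) else cstr(data, rva_to_off(secs, entry) + 2)
            out.append((dll, name))
            thunk += width
        off += 20


def imphash(imports):
    """pefile-compatible imphash: md5 over 'lib.func' pairs, lowercased, dll/ocx/sys extension dropped."""
    parts = []
    for dll, func in imports:
        base, _, ext = dll.lower().rpartition(".")
        lib = base if base and ext in ("dll", "ocx", "sys") else dll.lower()
        parts.append(lib + "." + func.lower())
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def triage(data):
    pe = parse_pe(data)
    imports = walk_imports(data, pe)
    return {"arch": "x64" if pe["is64"] else "x86",
            "file_characteristics": [n for b, n in FILE_CHARS.items() if pe["chars"] & b],
            "dll_characteristics": [n for b, n in DLL_CHARS.items() if pe["dllchars"] & b],
            "sections": [s["name"] for s in pe["sections"]],
            "imports": imports, "imphash": imphash(imports),
            # managed executable: CLR header directory present, or the mscoree stub is imported
            "dotnet": pe["dirs"][DIR_CLR][1] != 0 or any(d.lower() == "mscoree.dll" for d, _ in imports),
            # 'Unsigned PE': the security directory references no WIN_CERTIFICATE blob
            "unsigned": pe["dirs"][DIR_SECURITY][1] == 0}


def build_sample():
    """Constructed PE32 (not Test2.exe): one .text section at RVA 0x1000 / file offset 0x200 with the import table."""
    text = bytearray(0x200)
    struct.pack_into("<IIIII", text, 0x00, 0x1040, 0, 0, 0x1030, 0x1048)   # descriptor; null one follows
    text[0x30:0x3C] = b"mscoree.dll\0"
    struct.pack_into("<II", text, 0x40, 0x1050, 0)                          # OriginalFirstThunk array
    struct.pack_into("<II", text, 0x48, 0x1050, 0)                          # FirstThunk array
    text[0x50:0x5E] = b"\0\0_CorExeMain\0"                                  # hint + name
    dos = bytearray(0x40)
    dos[:2], dos[0x3C:0x40] = b"MZ", struct.pack("<I", 0x40)
    fh = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)           # i386, 1 section, EXE|32BIT
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                                   # PE32 magic
    struct.pack_into("<HH", opt, 68, 2, 0x8540)                             # Subsystem, DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DIR_IMPORT, 0x1000, 40)
    struct.pack_into("<II", opt, 96 + 8 * DIR_CLR, 0x1100, 72)              # CLR header; SECURITY dir stays 0
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    hdr = dos + b"PE\0\0" + fh + opt + sec
    return bytes(hdr + b"\0" * (0x200 - len(hdr)) + text)
```

`triage(open("Test2.exe", "rb").read())` applies the same checks to a real file. The imphash of any managed executable whose only native import is mscoree!_CorExeMain collapses to the same value, so for .NET samples such as this one it identifies the loader stub, not the malware; pivoting should use the SSDEEP, the extracted config, or the YARA family rule instead.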