xworm | XClient12[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XClient12.exe
Size

54KB
MD5

ab8656e5a412310f1b1b6bb84f00d937
SHA1

b734c77fefad63c27cf95281f754849f159ca5fe
SHA256

2ad5f248f621265c9e62a00be47605b8d184815d51e60d6e76062f6c763b5679
SHA512

e1d8ae1d65f8dcbf52688907a6d16144ba9df2fedeed964e9a419ca2797361911242bdf12f7e0cf6188517ae12fbcb84fb2a555af32026995177c4f5450d0c91
SSDEEP

1536:dHmk4y6IS9w2pOoL9oNkbWkhxIDGW1HOAIIQCm:F4KS9nOeOkbWkj/WZOAJi

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

120.156.150.101:8085

Attributes

Install_directory
%Temp%
install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XClient12.exe

Files

XClient12.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ